>> app = HTTPExceptionHandler(app)
>>
>> Example middleware:
>> http://hg.sandbox.lt/authform-middleware/file/2be2aba0a1b7/authform_middleware/authform.py
>
> Generally you shouldn't throw expected exceptions outside of your
> application. So HTTPExceptionHandler should be wrapping your
> controllers directly, and should translate any HTTPAuthorizationRequired
> exceptions into proper 401 responses. I don't think the auth middleware
> should wrap these itself.
Agreed. My mistake. That's the way AuthKit works but AuthKit is
authentication/authorization middleware (not only authentication).
>> 2. I think we should agree that user data if there is some data arriving
>> with authentication should be put into REMOTE_USER_DATA env. variable.
>> E.g. some SREG data comes with OpenID authentication and I put it into
>> dict converted to string ('{"nickname": "dalius"}') and later eval it so
>> it could be used. I'm not sure if data string must be agreed (e.g.
>> nickname, locale and etc) or leave that for authentication
>> plugin/middleware author to fix.
>
> evaling is generally a bad idea. You could consider it JSON or some
> more limited serialization of data. Or put it in, say,
> environ['x-wsgiorg.user_data'], a real dictionary.
This way is acceptable and enough for me. Not sure about others. Just
put that variable 'x-wsgiorg.user_data' in your specification.
Thank you for really complete answers.
Regards,
Dalius
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"pylons-discuss" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at
http://groups.google.com/group/pylons-discuss?hl=en
-~----------~----~----~----~------~----~------~--~---
