Hi Jamie,

It sounds like you already have a fairly sophisticated setup so I'd recommend rolling your own but using the AuthKit code as an example for anything you wish to build yourself.

One tip though, I now believe using exceptions to trigger the 401 and 403 responses and then intercepting them in WSGI middleware is not a good design pattern. New code I'm working on generates a normal response in the authorization decorators or wherever the check fails instead of in the WSGI middleware. This avoids problems with other middleware components intercepting exceptions when they aren't supposed to and also avoids issues around the WSGI middleware trying to generate a page using objects which are only available where the exception was raised. It is just less tangled so I'd recommend you avoid using exceptions in your own code too.

Cheers,

James (AuthKit author)

On Jan 2, 2:36 am, Jamie <[email protected]> wrote:
> I'm working on porting an old PHP project of mine over to Pylons. For
> authentication this project mainly uses a lot of Postgres stored
> procedures. As well as checking valid login attempts, the database
> generates and tracks authentication tokens that are stored client-side
> in cookies. Each token is calculated by hashing the username, ip
> address, useragent, and some other stuff. Current valid tokens are
> stored in a db table. The cookie expiration (token timeout) is
> automatically updated each time the token is used, up to a maximum
> lifetime. If I expect to port this app over successfully, this
> authentication system cannot be altered at this time.
>
> I know that I can use a customized authentication backend with
> Authkit, but I'm not sure that it's made to be tweaked this thoroughly
> (short of essentially forking it...meh). But I do like middleware-ish
> features like the decorators and intercepting HTTP status codes.
>
> Should I roll-my-own solution now and maybe port it over to AuthKit
> down the road, or can I drop-in the functionality I need without
> murdering the existing code too much?

--
You received this message because you are subscribed to the Google Groups "pylons-discuss" group.
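The pattern recommended in the reply above, as an added example that is not part of the original thread and is not AuthKit code: the authorization decorator builds the 401 or 403 response itself, so unrelated middleware that catches exceptions never sees the denial. The names `authorize`, `deny`, `is_admin`, `error_catcher` and `request` are hypothetical, and the example assumes the authentication layer has already placed the user name in `environ["REMOTE_USER"]`.

```python
from wsgiref.util import setup_testing_defaults

def deny(status, start_response, body):
    """Build the denial response at the point where the check failed."""
    # A production 401 would also carry WWW-Authenticate or redirect to a sign-in form.
    start_response(status, [("Content-Type", "text/plain"),
                            ("Content-Length", str(len(body)))])
    return [body]

def authorize(permission):
    """Decorate a WSGI callable; permission(environ) returns True or False."""
    def decorator(app):
        def wrapped(environ, start_response):
            if not environ.get("REMOTE_USER"):
                return deny("401 Unauthorized", start_response, b"sign in required\n")
            if not permission(environ):
                return deny("403 Forbidden", start_response, b"not permitted\n")
            return app(environ, start_response)
        return wrapped
    return decorator

def is_admin(environ):
    return environ["REMOTE_USER"] in {"alice"}  # constructed sample policy

@authorize(is_admin)
def admin_page(environ, start_response):
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [b"admin area\n"]

def error_catcher(app):
    """Stand-in for unrelated middleware that turns any exception into a 500."""
    def middleware(environ, start_response):
        try:
            return app(environ, start_response)
        except Exception:
            start_response("500 Internal Server Error",
                           [("Content-Type", "text/plain")])
            return [b"server error\n"]
    return middleware

def request(app, user=None):
    """Call a WSGI app with a constructed environ; return (status, body)."""
    environ = {}
    setup_testing_defaults(environ)
    if user:
        environ["REMOTE_USER"] = user
    seen = []
    body = b"".join(app(environ, lambda status, headers: seen.append(status)))
    return seen[0], body

stack = error_catcher(admin_page)  # the denial passes through the catcher untouched
```

Had the decorator raised an exception instead, `error_catcher` would have converted every denial into a 500 before any outer authorization middleware could handle it.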
