It seems to me you are confused about how pyramid separates authentication, authorization and the login process.
The steps involved here are:

1. Is the user authenticated? This is done by checking if the authentication policy can find valid credentials in a request. If they are, then great, skip to step 3, but if not you'll want to have the user log in. This is a passive process if your views are protected by permissions. The system saw that there were no user credentials in the request headers, so it raised an HTTPForbidden exception, which you can then catch in an exception view and use to redirect the user to your login page.

2. Redirect the user to your login system. This would be a page that allows the user to select how they wish to log in. Great, they clicked on the facebook auth button, which redirects the user to velruse.

2a. Velruse is now responsible for taking the user to facebook, having them log in, then handling the response from facebook and parsing out the credentials.

2b. Velruse has now come back to your pyramid application and told you that the user is logged in, and here are its credentials. You must take those credentials, and tell your authentication policy to remember them, effectively logging the user into your application.

3. Yay, the user is authenticated! Let's turn that userid into a list of principals describing them and match that up with the ACLs in our resource tree by looking at the __acl__ in our context. If there was an entry in the ACL that matched, check if it's allow or deny. Deny?? Noooo, pyramid raises HTTPForbidden which you can catch in an exception view and determine if they are really not allowed or if they are simply not logged in. Allowed? Yay, the view is called and all is happy.

To be clear, you can replace the word "velruse" here with anything that handles telling your application that this user is trusted, and here are their credentials. For example, this may simply be a login form with username/password fields that goes to a view in your app that compares those values with the database.
If the values match, then you can go to step 2b.

Does this help?

On Mon, Jan 2, 2012 at 10:40 AM, Kesav Kumar Kolla <[email protected]> wrote:

> Is there any module available for open id and oauth integrating with
> pyramid? I've looked into velruse but I'm not sure how to get the security
> principal into the context. Has anyone tried openid or oauth with
> pyramid?
>
> --
> You received this message because you are subscribed to the Google Groups
> "pylons-discuss" group.
> To view this discussion on the web visit
> https://groups.google.com/d/msg/pylons-discuss/-/ls45HeowWUEJ.
> To post to this group, send email to [email protected].
> To unsubscribe from this group, send email to
> [email protected].
> For more options, visit this group at
> http://groups.google.com/group/pylons-discuss?hl=en.
