Hash: SHA1

Christoph Zwerschke wrote:
> Hello, a question about the repoze.who plugin concept:
> I'm just writing a plugin for authentication against an XML-RPC service,
> implementing the authenticator and metadata provider interfaces .
> Inside the authenticate() method, I make a call to the XML-RPC service
> to check if the user exists and has entered the right password. That
> same call already returns all the metadata about the user that I need.
> What's the best way to store that information so that it can be reused
> later in the add_metadata() method? I want to avoid making another
> costly call to the remote service. Simply stuff the information
> somewhere into the environ or identity dict?
> The same applies when you have to check a remote database with the sql
> plugin. Currently, every successful authentication makes two queries,
> one to check whether the users exist and one to get their data. Wouldn't
> it be better to handle both tasks with one query? The api with the
> different plugin types is nice, but it also causes such redundant calls.
> Or do I overlook something?

IAuthenticator plugins are free to scribble on the 'identity' mapping
passed to authenticate, which should mean that you can avoid registering
a metadata plugin at all.  You could also add information to the
'environ' directly, if need be.

- --
Tres Seaver          +1 540-429-0999          tsea...@palladion.com
Palladion Software   "Excellence by Design"    http://palladion.com
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

Repoze-dev mailing list

Reply via email to