Previously Tres Seaver wrote:
> Hash: SHA1
> Christoph Zwerschke wrote:
> > Hello, a question about the repoze.who plugin concept:
> > 
> > I'm just writing a plugin for authentication against an XML-RPC service,
> > implementing the authenticator and metadata provider interfaces .
> > 
> > Inside the authenticate() method, I make a call to the XML-RPC service
> > to check if the user exists and has entered the right password. That
> > same call already returns all the metadata about the user that I need.
> > 
> > What's the best way to store that information so that it can be reused
> > later in the add_metadata() method? I want to avoid making another
> > costly call to the remote service. Simply stuff the information
> > somewhere into the environ or identity dict?
> > 
> > The same applies when you have to check a remote database with the sql
> > plugin. Currently, every successful authentication makes two queries,
> > one to check whether the users exist and one to get their data. Wouldn't
> > it be better to handle both tasks with one query? The api with the
> > different plugin types is nice, but it also causes such redundant calls.
> > Or do I overlook something?
> IAuthenticator plugins are free to scribble on the 'identity' mapping
> passed to authenticate, which should mean that you can avoid registering
> a metadata plugin at all.  You could also add information to the
> 'environ' directly, if need be.

If you use auth_tkt you will probably want a metadata plugin which only
does something if the metadata hasn't been set yet.


Wichert Akkerman <>    It is simple to make things.                   It is hard to make things simple.
Repoze-dev mailing list

Reply via email to