Previously Tres Seaver wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Christoph Zwerschke wrote: > > Hello, a question about the repoze.who plugin concept: > > > > I'm just writing a plugin for authentication against an XML-RPC service, > > implementing the authenticator and metadata provider interfaces . > > > > Inside the authenticate() method, I make a call to the XML-RPC service > > to check if the user exists and has entered the right password. That > > same call already returns all the metadata about the user that I need. > > > > What's the best way to store that information so that it can be reused > > later in the add_metadata() method? I want to avoid making another > > costly call to the remote service. Simply stuff the information > > somewhere into the environ or identity dict? > > > > The same applies when you have to check a remote database with the sql > > plugin. Currently, every successful authentication makes two queries, > > one to check whether the users exist and one to get their data. Wouldn't > > it be better to handle both tasks with one query? The api with the > > different plugin types is nice, but it also causes such redundant calls. > > Or do I overlook something? > > IAuthenticator plugins are free to scribble on the 'identity' mapping > passed to authenticate, which should mean that you can avoid registering > a metadata plugin at all. You could also add information to the > 'environ' directly, if need be.
If you use auth_tkt you will probably want a metadata plugin which only does something if the metadata hasn't been set yet. Wichert. -- Wichert Akkerman <wich...@wiggy.net> It is simple to make things. http://www.wiggy.net/ It is hard to make things simple. _______________________________________________ Repoze-dev mailing list Repoze-dev@lists.repoze.org http://lists.repoze.org/listinfo/repoze-dev
