Control was definately one of the concerns. But I am only relying on
a potential pool of
authentication providers (google, facebook, myspace ....) for basic user auth.
It is also possible that I may need to run on appengine, so I may take
the approach of building
repoze.who plugins along the line of the existing AEoid wsgi
middleware by Nick Johnson
for openid that mirrors much of the existing google app engine user auth api.
I am still just collecting ideas for approaches at the moment, trying
to see what code
is out there that I can leverage off.
I also have a requirement for an authorization model that is fairly
sophisticated (once I have identified users) with persistent ACL's
and some workflow.
On Mon, Jan 25, 2010 at 10:02 PM, Chris McDonough <chr...@plope.com> wrote:
> That would be a good reason to use r.who in this case, sure.
> Of course, if you don't have enough control when you use r.who, you can
> always take the code "internal" if you need to by creating a BFG
> authentication policy based on the code from these plugins.
> Tim Hoffman wrote:
>> Hi Chris
>> On the face of it then , I will probably do the work as plugins to
>> repoze.who as it seems there are a few repoze.who plugins
>> already in existence for OAuth , openid, facebook connect etc.... that
>> I can hopefully leverage off.
>> On Mon, Jan 25, 2010 at 6:46 PM, Chris McDonough <chr...@plope.com> wrote:
>>> I don't think it makes much of a difference if you need to write it all
>>> scratch anyway. Either would be fine.
>>> - C
>>> Tim Hoffman wrote:
>>>> Hi Folks
>>>> I am looking for some advice.
>>>> I need to be able to use multiple authentication sources for a new
>>>> repoze.bfg based app. Do you think I should should use repoze.who
>>>> or try and hook the various auth directly under bfg's existing
>>>> authenctication model ?
>>>> Repoze-dev mailing list
>> Repoze-dev mailing list
Repoze-dev mailing list