Kevin Horn schrieb:
Perhaps even the user object could be pluggable, allowing users to create their own user objects. Most people shouldn't need this, but I'm sure it would be useful to some.Thoughts?
IMHO the user object MUST be pluggable - especially if you don't have a simple user model like identity assumes but different users which are authenticated against different authentication sources.
Please don't assume that everything is username+password. There is more: Sometimes clients (mostly banks) want a branch number before. Others have a user name but require something what is essentially a second password. So smooth 95% of the use cases (username+password) but don't make the more complicated ones impossible.
And last but not least it should be easy to extend the auth* stuff for things like captchas and form tokens. An implementation built into the standard library is something (IMHO) which can be post-poned after 2.0.
fs
smime.p7s
Description: S/MIME Cryptographic Signature
