apologies for my vagueness. The 3rd party solution is a booking system that stores all customer records. for custom web development we have to use their api.
customers primary key is the email address and the password is stored with them as they also offer a generic solution if you don't use their api. I want to link web2py auth to them so that the auth login form just passes the email and password over to the 3rd party. The way to know if the email and password combination are correct, you parse the returned xml. an example communication with the 3rd party: import httplib2 textxml = "<AuthenticateCustomer><Email>[email protected]</Email><Password>PASSWORD</Password></AuthenticateCustomer>" h = httplib2.Http(ca_certs="ca.crt") h.add_certificate("certificate.key", "certificate.crt","3rdparty.com") headers = {'Content-Type': 'application/xml'} uri = "https://api.3rdparty.com/authenticate?api_key=612002a1-d9a4-4ee8-8437-85222556d53d"; response, content = h.request(uri, method="POST", body=textxml, headers= headers) print content the print will return something like: <CredentialsValid>false</CredentialsValid><customer id="123456789" /> the true or false in credentialsvalid is to know if the email/password combination is correct. The customer id is returned based on on the email address. other than the email, this is the only customer identifiable piece of information. This means web2py has to maintain a session, but not store the password. Further communication with the 3rd party is based on the email address and customer id. They do tie the customer id with a basket id, but that is only once the customer starts adding things to their basket and isn't technically a session that i or web2py can utilise. >From looking at basic_auth.py it looks like i can quite easily make a copy of this that includes the above and an extra step that parses the contents of the returned xml, but wanted to check if this is the best method and how to then retain the customer id in the web2py session or auth table. Alternatively, do i just put the custom version of basic_auth in db.py above any auth reference? Hope this expansion helps. -- Resources: - http://web2py.com - http://web2py.com/book (Documentation) - http://github.com/web2py/web2py (Source code) - https://code.google.com/p/web2py/issues/list (Report Issues) --- You received this message because you are subscribed to the Google Groups "web2py-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/groups/opt_out.
