A request for supporting an arbitraty authorization hander like mod_python's PythonAuthzHandler was raised in 2007. It was designated as invalid at that time because mod_wsgi "worked as intended" i.e.: it followed conventions established by HTTP basic/digest authentication modules.
However, when used with conjuction of a "password-less" authentication protocol such as OpenID or a "pure authorization" protocol such as OAuth, authorization must be processed although no HTTP authentication method is used. mod_python's PythonAuthzHandler directive allows such a script to process authorization. I currently have such a setup, but mod_python is dead and the rest of my setup uses mod_wsgi, so I'd like to completely switch over. Before replying to this message, please read the full discussion at http://code.google.com/p/modwsgi/issues/detail?id=48 and note Graham Dumpleton's points as they are constructive. However, the last message (mine) sheds new light on the issue. I would like simpler solution than that suggested by `[email protected]`. I don't think processing `SetEnv` directives or other context is necessary (this behavior in mod_python is actually annoying). Also, Graham's suggestion that the script itself to be self contained and describe its own configuration is perfectly fine with me and resembles the WSGIScriptAlias directive more closely. Does anyone else agree that there is use for such a directive? Can it be implemented (easilty) in mod_wsgi? -- You received this message because you are subscribed to the Google Groups "modwsgi" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/modwsgi?hl=en.
