Thanks for the kind words.  This was actually pretty fast to do.  I think 
it took 2-3 days to build oAuth into our apps and almost everything was 
repackaged into this within that same week. This has been sitting in a 
private repo for a year or so, because it required some updates to oauthlib 
and requests-oauthlib that I wrote but hadn't been merged/released yet.  
The tough bit was getting the testing harness set up right. 


I had written a lot of stuff explaining some things for you, and then 
realized I may be all wrong in terms of what you're trying to accomplish.  
It reads like you're trying to do a lot of different authorization things, 
but then you specifically said no authorization but authentication.  So I'm 
getting tripped up a bit, especially by this line:  "I don't need 
authorization: just authenticating the user and retrieving their roles and 
metadata and maybe the refresh feature"

If the roles and metadata for the user are in Keycloak, then Keycloak is 
handling the Authentication (e.g. the user authenticates to Keycloak by 
logging in) and you actually want Authorization to happen (which is what 
you described above).

So let's pull back for a minute and get a better idea of what you're trying 
to do in terms of use-cases.

What is the intended interplay of your Keycloak server and your Pyramid 
application?  

oAuth can be very annoying because one spec/project/initiative/framework 
covers a handful of ways to implement it.  The different implementation 
methods are called "oAuth Flows" or "oAuth Grants".  The first thing you 
need to do is to decide exactly which grant you want to implement.  
Depending on how you look at it, there are between 4 and 8 flows covered 
by a handful of RFCs, all under the umbrella of oAuth. 
