HI Chris Good points raised and could well be an significant requirement. I have not yet used repoze.who and have limited experience with wsgi middleware (Beaker with appengine based memcached session store is it) so I have wondered how you can hook up any ui to the middleware.
T On Mon, Jan 25, 2010 at 10:39 PM, Chris McDonough <chr...@plope.com> wrote: > My experience so far with helping people who want lots and lots of control > about how a login UI works with r.who has not been stellar; this is the only > reason I mention being able to cutnpaste code into a BFG authentication > policy. When you use a custom authentication policy, you can still control > the horizontal and vertical of login and logout, whereas with r.who, you > typically have less control. > > - C > > > Tim Hoffman wrote: >> >> Hi Chris >> >> Control was definately one of the concerns. But I am only relying on >> a potential pool of >> authentication providers (google, facebook, myspace ....) for basic user >> auth. >> >> It is also possible that I may need to run on appengine, so I may take >> the approach of building >> repoze.who plugins along the line of the existing AEoid wsgi >> middleware by Nick Johnson >> (http://blog.notdot.net/2009/12/OpenID-on-App-Engine-made-easy-with-AEoid) >> for openid that mirrors much of the existing google app engine user auth >> api. >> >> I am still just collecting ideas for approaches at the moment, trying >> to see what code >> is out there that I can leverage off. >> >> I also have a requirement for an authorization model that is fairly >> sophisticated (once I have identified users) with persistent ACL's >> and some workflow. >> >> T >> >> >> On Mon, Jan 25, 2010 at 10:02 PM, Chris McDonough <chr...@plope.com> >> wrote: >>> >>> That would be a good reason to use r.who in this case, sure. >>> >>> Of course, if you don't have enough control when you use r.who, you can >>> always take the code "internal" if you need to by creating a BFG >>> authentication policy based on the code from these plugins. >>> >>> Tim Hoffman wrote: >>>> >>>> Hi Chris >>>> >>>> On the face of it then , I will probably do the work as plugins to >>>> repoze.who as it seems there are a few repoze.who plugins >>>> already in existence for OAuth , openid, facebook connect etc.... that >>>> I can hopefully leverage off. >>>> >>>> Cheers >>>> >>>> T >>>> >>>> On Mon, Jan 25, 2010 at 6:46 PM, Chris McDonough <chr...@plope.com> >>>> wrote: >>>>> >>>>> I don't think it makes much of a difference if you need to write it all >>>>> from >>>>> scratch anyway. Either would be fine. >>>>> >>>>> - C >>>>> >>>>> Tim Hoffman wrote: >>>>>> >>>>>> Hi Folks >>>>>> >>>>>> I am looking for some advice. >>>>>> >>>>>> I need to be able to use multiple authentication sources for a new >>>>>> repoze.bfg based app. Do you think I should should use repoze.who >>>>>> etc... >>>>>> or try and hook the various auth directly under bfg's existing >>>>>> authenctication model ? >>>>>> >>>>>> Thanks >>>>>> >>>>>> Tim >>>>>> _______________________________________________ >>>>>> Repoze-dev mailing list >>>>>> Repoze-dev@lists.repoze.org >>>>>> http://lists.repoze.org/listinfo/repoze-dev >>>>>> >>>> _______________________________________________ >>>> Repoze-dev mailing list >>>> Repoze-dev@lists.repoze.org >>>> http://lists.repoze.org/listinfo/repoze-dev >>>> >>> >> > > _______________________________________________ Repoze-dev mailing list Repoze-dev@lists.repoze.org http://lists.repoze.org/listinfo/repoze-dev