zope.pluggableauth-2.1.0-2.lbn25.noarch

Based on zope.authentication, this package provides a flexible and pluggable authentication utility, and provides a number of common plugins. Pluggable-Authentication Utility

The Pluggable-Authentication Utility (PAU) provides a framework for authenticating principals and associating information with them. It uses plugins and subscribers to get its work done.

For a pluggable-authentication utility to be used, it should be registered as a utility providing the zope.authentication.interfaces.IAuthentication interface. Authentication

The primary job of PAU is to authenticate principals. It uses two types of plug-ins in its work:

Credentials Plugins Authenticator Plugins

Credentials plugins are responsible for extracting user credentials from a request. A credentials plugin may in some cases issue a ‘challenge’ to obtain credentials. For example, a ‘session’ credentials plugin reads credentials from a session (the “extraction”). If it cannot find credentials, it will redirect the user to a login form in order to provide them (the “challenge”).

Authenticator plugins are responsible for authenticating the credentials extracted by a credentials plugin. They are also typically able to create principal objects for credentials they successfully authenticate.

Given a request object, the PAU returns a principal object, if it can. The PAU does this by first iterating through its credentials plugins to obtain a set of credentials. If it gets credentials, it iterates through its authenticator plugins to authenticate them.

If an authenticator succeeds in authenticating a set of credentials, the PAU uses the authenticator to create a principal corresponding to the credentials. The authenticator notifies subscribers if an authenticated principal is created. Subscribers are responsible for adding data, especially groups, to the principal. Typically, if a subscriber adds data, it should also add corresponding interface declarations.