Continuing our middleware series, we now cover authentication. There is a ton of authentication and authorization WSGI middleware, as well as a basic authentication example used in the WSGI documentation. Some are out of date, and a lot of others are tightly integrated with other parts of a particular framework's request handling. It would have been easy enough to roll your own basic authentication, but I really hate reinventing a wheel I don't have to.
I decided to investigate AuthKit, part of Pylons, to service my authentication needs, and struggled through a lack of documentation and a fairly large code base, all for your pleasure.
Authentication with AuthKit
AuthKit assumes a lot of the setup for your middleware follows Pylons conventions. It was a struggle for me to make heads or tails of the examples, not being familiar with Pylons application configuration and how requests were routed. The secret sauce to actually make AuthKit work with Bottle is to realize that there are multiple levels of AuthKit middleware that you have to invoke to get the authorization chain to even start up. Here is how you go about it in Bottle:
from authkit import authenticate, authorize
from authkit.permissions import RemoteUser
from bottle import *

# bottle exposed function
@default()  # maps to root URL
def hello():
    return "hello"

# get the default bottle application
app = default_app()

# set up an authorization permission for
# basic authentication of a remote user
app = authorize.middleware(app, RemoteUser())

# A simple authentication function (demo only: it accepts any
# login where the password equals the username)
def basic_auth(environ, username, password):
    return username == password

# now activate the authentication
auth_config = {
    'authkit.setup.method': 'basic',
    'authkit.basic.realm': 'Test Realm',
    'authkit.basic.authenticate.function': basic_auth,
    'authkit.setup.enable': 'True'
}
app = authenticate.middleware(app, app_conf=auth_config)

# run the application
run(app=app)
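The basic_auth function above accepts any login whose password equals the username, which is only good for checking that the middleware chain is wired up. A credential-checking replacement with the same (environ, username, password) signature follows, as an added example that is not from the original post or from AuthKit; the USERS store, the hash_password helper and the PBKDF2 work factor are assumptions, and it is written for Python 3.

```python
import hashlib
import hmac
import os

PBKDF2_ROUNDS = 200_000  # assumed work factor for this example


def hash_password(password, salt=None):
    """Return (salt, derived_key) to store instead of the plaintext."""
    salt = salt if salt is not None else os.urandom(16)
    key = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS
    )
    return salt, key


# Constructed sample user store: username -> (salt, derived key).
USERS = {"alice": hash_password("correct horse battery staple")}

# Dummy record so unknown usernames cost the same work as known ones.
_DUMMY = hash_password("placeholder-not-a-real-account")


def basic_auth(environ, username, password):
    """Same signature as the callback given to
    'authkit.basic.authenticate.function' in the post's auth_config."""
    if not username or not password:
        return False
    salt, expected = USERS.get(username, _DUMMY)
    _, candidate = hash_password(password, salt)
    # Constant-time comparison; a match on the dummy record never succeeds.
    return hmac.compare_digest(candidate, expected) and username in USERS
```

HTTP basic authentication resends the credentials on every request, so this chain belongs behind TLS.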
To make this work for App Engine, you need to include the AuthKit sources and account for deploying Bottle applications on GAE, covered in the Bottle docs and other posts.

5 comments
October 30, 2009 at 10:05 am
Marcel Hellkamp
AuthKit uses exceptions in its decorators a lot. You can disable bottle.default_app().catchall to let them through.
November 2, 2009 at 5:24 pm
delagoya
Good tip. Thanks!
November 15, 2009 at 9:21 am
ravi
Hey, I was wondering if you have any experience of using AuthKit with Django on GAE? I am kinda stuck now… am using Google's appengine helper, which lets me use a limited version of Django on GAE without the .auth library (and others)
November 16, 2009 at 2:22 pm
delagoya
Since Django is WSGI compliant, I assume it is the same procedure: just mount your Django app after the two AuthKit middlewares (the first being authorization and the second authentication).
November 20, 2009 at 7:40 am
ravi
Thanks! Will try it out