Bottle : Authentication

29 Oct

Continuing with our middleware series, we now cover authentication. There is a ton of authentication and authorization WSGI middleware, as well as a basic authentication example used in the WSGI documentation. Some are out of date, and a lot of others are tightly integrated with other parts of a particular framework’s request handling. It would have been easy enough to roll my own basic authentication, but I really hate reinventing a wheel I don’t have to.

I decided to investigate AuthKit, part of Pylons, to service my authentication needs, and struggled through a lack of documentation and fairly large code base, all for your pleasure.

Authentication with AuthKit

AuthKit assumes a lot of the setup for your middleware follows Pylons conventions. It was a struggle for me to make heads or tails of the examples, not being familiar with Pylons application configuration and how requests are routed. The secret sauce to actually make AuthKit work with Bottle is to realize that there are multiple levels of AuthKit middleware that you have to invoke to get the authorization chain to even start up. Here is how you go about it in Bottle:

from authkit import authenticate, authorize
from authkit.permissions import RemoteUser

from bottle import *

# bottle exposed function
@default() # maps to root URL
def hello():
    return "hello"

# get the default bottle application
app = default_app()

# set up an authorization permission for
# basic authentication of a remote user
app = authorize.middleware(app, RemoteUser())

# A simple authentication function (demo only: it accepts
# any user whose password equals the username)
def basic_auth(environ, username, password):
    return username == password

# now activate the authentication: select the basic method
# and register the callback defined above
auth_config = {
    'authkit.setup.method': 'basic',
    'authkit.basic.realm': 'Test Realm',
    'authkit.basic.authenticate.function': basic_auth,
}
app = authenticate.middleware(app, app_conf=auth_config)

# run the application
run(app=app)

To make this work for App Engine, you need to include the AuthKit sources and account for deploying Bottle applications on GAE, covered in the Bottle docs and other posts.
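The two-layer arrangement described above, reduced to a standard-library-only WSGI sketch (an added example, not AuthKit's code or the author's): an inner authorization layer answers 401 when REMOTE_USER is missing, and an outer authentication layer verifies Basic credentials and attaches the challenge to any 401. The names require_user, basic_authenticate, request and the sample user are hypothetical; basic_auth keeps the post's callback signature but compares a salted PBKDF2 hash in constant time instead of testing username == password.

```python
import base64, hashlib, hmac, os

def _kdf(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
_salt = os.urandom(16)
USERS = {"alice": (_salt, _kdf("correct horse", _salt))}  # constructed sample store

def basic_auth(environ, username, password):
    # Same signature as the post's callback; unknown users still cost one KDF run.
    salt, stored = USERS.get(username, (b"\0" * 16, b""))
    return hmac.compare_digest(_kdf(password, salt), stored)

def require_user(app):
    # Inner layer (authorization): answer 401 unless REMOTE_USER is set.
    def wrapped(environ, start_response):
        if not environ.get("REMOTE_USER"):
            start_response("401 Unauthorized", [("Content-Type", "text/plain")])
            return [b"authentication required"]
        return app(environ, start_response)
    return wrapped

def basic_authenticate(app, realm, check):
    # Outer layer (authentication): verify credentials, add the challenge to 401s.
    def wrapped(environ, start_response):
        scheme, _, blob = environ.get("HTTP_AUTHORIZATION", "").partition(" ")
        if scheme.lower() == "basic":
            try:
                user, _, pw = base64.b64decode(blob).decode("utf-8").partition(":")
            except ValueError:  # malformed base64 or invalid UTF-8
                user = pw = ""
            if user and check(environ, user, pw):
                environ["REMOTE_USER"] = user
        def challenge(status, headers, exc_info=None):
            if status.startswith("401"):
                headers = headers + [("WWW-Authenticate", 'Basic realm="%s"' % realm)]
            return start_response(status, headers, exc_info)
        return app(environ, challenge)
    return wrapped

def hello(environ, start_response):
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [b"hello"]

app = basic_authenticate(require_user(hello), "Test Realm", basic_auth)

def request(app, authorization=None):
    seen, environ = {}, {"REQUEST_METHOD": "GET", "HTTP_AUTHORIZATION": authorization or ""}
    body = b"".join(app(environ, lambda s, h, e=None: seen.update(status=s, headers=dict(h))))
    return seen["status"], seen["headers"], body
```

As in the post, the authentication layer has to wrap the authorization layer; with the order reversed, the 401 would reach the client with no WWW-Authenticate challenge attached.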


5 Responses to “Bottle : Authentication”

  1. Marcel Hellkamp October 30, 2009 at 10:05 am #

    AuthKit uses exceptions in its decorators a lot. You can disable bottle.default_app().catchall to let them through.

  2. delagoya November 2, 2009 at 5:24 pm #

    Good tip. Thanks!

  3. ravi November 15, 2009 at 9:21 am #

    Hey, I was wondering if you have any experience of using AuthKit with Django on GAE? I am kinda stuck now… am using Google’s appengine helper, which lets me use a limited version of Django on GAE without the .auth library (and others).

  4. delagoya November 16, 2009 at 2:22 pm #

    Since django is WSGI compliant, I assume it is the same procedure: just mount your django app after the two AuthKit middlewares (the first being authorization and the second authentication).

  5. ravi November 20, 2009 at 7:40 am #

    thanks! will try it out 🙂
