responder icon indicating copy to clipboard operation
responder copied to clipboard
verified publisher icon kennethreitz

Recommende way to implement authentication

Open vlcinsky opened this issue 7 years ago • 8 comments

For Flask, there are some authentication snippets e.g. basic authentication

I did not find any authentication example in Responder project.

Is there any?

vlcinsky avatar Dec 31 '18 11:12 vlcinsky

Might be related to #232

Serkan-devel avatar Dec 31 '18 11:12 Serkan-devel

It does reference sessions in the docs, but not how to authenticate

Serkan-devel avatar Dec 31 '18 14:12 Serkan-devel

This is how it's been done on starlette https://www.starlette.io/authentication/

Serkan-devel avatar Dec 31 '18 20:12 Serkan-devel

I think you can call api.add_middleware and it'll work the same as starlette.

josegonzalez avatar Jan 25 '19 07:01 josegonzalez

Starlette's AuthenticationMiddleware would work fine, and would add auth into the ASGI scope, but you also need to implement permissions, that determine what to do, given the authentication/user credentials. (ie. Statlette's @requires decorator.)

If responder added an auth property on the request (returning the auth item from the ASGI scope) then I think the @requires decorator would work just fine.

lovelydinosaur avatar Jan 25 '19 09:01 lovelydinosaur

What should exactly happen so that we can leverage starlette's authentication facility? cc @kenneth-reitz

gpakosz avatar Mar 24 '19 12:03 gpakosz

Note: I had to reimplement responder's session handling inside of my custom middleware as the session management from starlette's middleware is incompatible. I'm not sure what the best way forward here is in light of that.

josegonzalez avatar Mar 25 '19 15:03 josegonzalez

Love to see a best practice implementation here. I have implemented an authenticate decorator using functools wraps like I use in Flask. This works fine for bearer tokens and basic authentication.

fenchu avatar May 19 '19 11:05 fenchu