[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: MyFedora cross domain authentication issues



John (J5) Palmieri wrote:
On Thu, 2008-03-13 at 17:59 -0500, Toshio Kuratomi wrote:
J5: Look at how jsonfas is implemented and tell me if that would for ths model.

bzr branch bzr://bzr.fedorahosted.org/bzr/python-fedora/python-fedora-devel

cd python-fedora-devel/fedora/tg/identity
vim jsonfasprovider.py
# Take a look at JsonFasIdentity

-Toshio

It look promising though I am not totally sure how it works.  Let me see
if I get this right. At the start of the proxied request (basically just
a TG controller in my domain which is called via JSON) I create a
JsonFasIdentity and supply it with the user, username and password using
the tg.identity object or is that the JsonFasIdentity?  It will then set
the correct cookies for the next link.  I make my next JSON call to a
FAS2 enabled resource like Bodhi and Bodhi treats me as if I was logged
in?  Is this correct?  Do I call logout on the JsonFasIdentity object?
Can this stand up to being called 10 times per page load for each query
I need to make?


This is how jsonfasprovider works:

1) The user visits myfedora and enters a username/password to log in.
2) The login request uses jsonfasprovider to authenticate the user against fas. Fas allows the user and sends a cookie back to myfedora. 3) myfedora (still via jsonfasprovider) sets the cookie on the user's browser.

This applies to myfedora because myfedora can use a similar method to send the user's authentication token to Bodhi. You'll inherit from BaseClient similar to what JsonFasIdentity does but targeted at Bodhi's location instead of FAS (Call it BodhiClient, for now).

1) Logged in user accesses myfedora
2) You instantiate a BodhiClient object.
3) You set or have BodhiClient set _sessionCookie with the visit_key (available from identity.current.visit_key) 4) You call or have BodhiClient send_request() to retrieve your data. (Remember to specify auth=True since the client needs to retrieve the data for the authenticated user.)
5) Operate on the data.

So you are proxying the session cookie that the user sends to you to the actual server that is providing the information.

-Toshio

Attachment: signature.asc
Description: OpenPGP digital signature


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]