This repository has been archived by the owner on Sep 3, 2021. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 45
Authentication and Authorization
Alice Zoë Bevan–McGregor edited this page Feb 28, 2014
·
1 revision
- https://github.com/bravecollective/mumble/blob/develop/development.ini#L28-L30 tells the web framework which functions to call to process authentication and subsequent requests for the session, and the URL path to redirect the user to if they need to auth.
- https://github.com/bravecollective/mumble/blob/develop/brave/mumble/auth/model.py#L98-L133 are the two functions,
authenticate()for the call toweb.auth.authenticate()andlookup()for subsequent requests in the same session. - You can see that the authentication uses an identifier (a token from Core in this case; password is ignored but required for this callback’s function signature) and a call to
api.core.infogets the character/corp/alliance/expiry and tag information. - https://github.com/bravecollective/mumble/blob/develop/brave/mumble/auth/controller.py#L16-L47 are the actual URL handlers (at the root level) for authentication.
/authorizemakes a call toapi.core.authorizein order to create an authentication request which the user is then redirected to within Core. - Upon returning from Core,
/authorizedis called to indicate success, or/noloveis called if the user cancelled. - (Those paths are used because of lines 21 and 22 which pass full URL versions of those to Core for the authentication request.)