Pyramid Authentication Policies

[marinewater]

Is there a reason why python-social-auth doesn't use the Authentication Policies of Pyramid? The random session cookie is kind of pointless if you have permissions set up.

[omab]

@Harz-FEAR, that's probably because of my inexperience with the framework, what do you think is needed in order to support them?

[marinewater]

It's fairly easy, you must have an Authorization Policy and an AuthenticationPolicy setup, get the headers via pyramid.security.remember(request, username) and redirect the user (e.g. HTTPFound(location=location, headers=rember(request, username)) instead of using sessions.

Pyramid is very well documented, here is a code example, should be rather easy to implement it.

[cjltsod]

With this pull request, Pyramid Authentication Policies could run smoothly.

I'm able to write an example with Pyramid Authentication Policies, but I'm not sure what directory name should I use.

[omab]

Issue ported to python-social-auth/social-app-pyramid#1