Advanced configuration¶
Authentication policy¶
pyramid_fullauth uses AuthTktAuthenticationPolicy. It’s default settings are stored within config as:
fullauth.authtkt.secret = fullauth_psst # default secret used to hash auth_tk cookie
fullauth.authtkt.hashalg = sha512 # default authentication policy hash algorithm
fullauth.authtkt.timeout = 2 # (optional) number of seconds for which an auth ticket will be valid
fullauth.authtkt.reissue_time = 0.2 # (optional) number of seconds that must pass before an authentication token cookie is automatically reissued as the result of a request which requires authentication
Note
timeout and reissue_time settings indicate after which period of time user will be logged out in case of inactivity. If not included in your AuthTktAuthenticationPolicy config, default value for them will be None. To get a better insight on how they work when they are set, look at tests.test_login: test_automatic_logout and test_automatic_logout_not_expired test cases.
See also
For more information about additional settings that could be included
in your AuthTktAuthenticationPolicy
as well as how to set optimal values for timeout and reissue_time please see
AuthTktAuthenticationPolicy
.
Warning
callback setting is defined as pyramid_fullauth.auth.groupfinder()
.
Note
To restrict subdomain applications from using the same cookie, use fullauth.authtkt.wild_domain setting, and set it to False. This will restrict emitted cookies to current domain only. You can also change settings as fullauth.authtkt.cookie_name and fullauth.authtkt.secret to make sure, your apps will use different cookie names and salts.
Authentication Providers¶
Might happen, that the project needs to identify what authentication providers is user using (Might use e.g facebook, google, email, some OpenID). That’s what the user.providers relation is for.
It stores data needed to authenticate with different providers for each user, but the exception is email, where user is identified by id in a system. Each of the social providers entry gets added by connecting user account with given social network, and the email entry during standard registration or during reset password.
ACL¶
pyramid_fullauth
package provides also a basic ACL Mixin for your RootFactory.
It contains basic acl definition as well as init method.
Events¶
Plugin emits several events throughout the registration process, login and several other actions.
All of them, along with details description can be found in the
pyramid_fullauth.events
package.
Read the Using Events chapter of Pyramid’s documentation to see how to add an event subscriber to Your application and handle those events.
Session Factory¶
pyramid_fullauth allows you to connect custom session factory within application,
by default, it uses pyramid’s SignedCookieSessionFactory()
,
but using different session factory is just a matter of appropriate settings in
fullauth.session. See Configuration section on how to configure.
More on sessions and session factory can be read in _ Sessions chapter of Pyramid’s documentation