Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Multiple authentication options with Tornado

Tags:

python

authentication

tornado

Just started playing with Tornado and want to offer multiple methods of authentication. Currently my app is working fine with Google's hybrid OpenID/oAuth using tornado.auth.GoogleMixin and the unauthenticated users are automatically sent to Google's auth page.

If an unauthenticated user wants to use another option (ie. local auth or tornado.auth.TwitterMixin), how can I implement the logic to choose an auth mechanism within the login handler?

I added the decorator 'tornado.web.authenticated' to all of my exposed methods, and here is the my login handler class (pretty much straight from the Tornado examples) which is currently working with Google OpenID/oAuth:

class AuthLoginHandler(BaseHandler, tornado.auth.GoogleMixin):
    @tornado.web.asynchronous
    def get(self):

        if self.get_argument('openid.mode', None):
            self.get_authenticated_user(self.async_callback(self._on_auth))
            return

        ## redirect after auth
        self.authenticate_redirect()

    def _on_auth(self, user):
        ## auth fail
        if not user:
            raise tornado.web.HTTPError(500, 'Google auth failed')

        ## auth success
        identity = self.get_argument('openid.identity', None)

        ## set identity in cookie
        self.set_secure_cookie('identity', tornado.escape.json_encode(identity))
        self.redirect('/')

Appreciate any suggestions for a solution. Thanks

like image 406
joet3ch Avatar asked Oct 07 '10 19:10

joet3ch

1 Answers

I think the easiest way to do it would be to change the AuthLoginHandler to something more specific, like GoogleAuthHandler, and create an appropriate route for that: 

(r"/login/google/", GoogleAuthHandler),
(r"/login/facebook/", FacebookAuthHandler),

etc.

Then simply create links to each authentication provider on the page ala: 

<a href="/login/google/>Login with Google</a>
<a href="/login/facebook/">Login with Facebook</a>

If you wanted to make it fancier, you could provide the providers as a select box, or if you wanted to get REALLY fancy, you could parse their 'openid' URL (e.g., if username.google.com, self.redirect("/login/google"), but that assumes that users know their OpenID provider URLs, which is usually not the case. I'd guess if you gave them a google / facebook / twitter icon or something to click on that would confuse the least number of people.

like image 159
bmelton Avatar answered Nov 11 '22 07:11

bmelton
Sign in to Comment

Related questions

How to run installed python script?
Can I CREATE TEMPORARY TABLE in SQLAlchemy without appending to Table._prefixes?
Can you embed python scripts into the web browser?
Interpolating a scalar field in a 3D space
max size in BlobProperty (appengine)
How to write a wrapper over functions and member functions that executes some code before and after the wrapped function?
How to solve an LCP (linear complementarity problem) in python?
Python OOP - Class relationships
Static Variables in Python C API
How to recovery source python code (.py) from .pyo file?
Pylint only Global evaluation
Python beautiful soup arguments
Get text when enter is pressed in a text box in wxPython
Binary file email attachment problem
numpy array C api
Catching / blocking SIGINT during system call
Can I use Ruby and Python together?
Is there a lib to generate data according to a regexp? (Python or other)
How to avoid NotImplementedError "Only tempfile.TemporaryFile is available for use" in django on Google App Engine?
Using Python code coverage tool for understanding and pruning back source code of a large library

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!