RPC4Django should provide authentication facilities OOTB

Registered by Simone Orsi on 2010-03-31

When you create and expose web services, quite often you need to protect them. For the time being, no matter which tool you use (RPC4Django, django-xmlrpc, etc.), you have to code authentication handling yourself. This can be quite annoying and time-consuming, and it doesn't allow you to follow a common path for such an important feature.

I think RPC4Django should provide OOTB a tool that takes care of authentication. Probably, a good solution will be to provide a public "login" method which returns an authorized session:

from xmlrpclib import ServerProxy
server = ServerProxy('http://www.mysite.com')
session = server.login(uid=uid, pw=pw)
result = session.call_to_my_private_method()
session.close()  # or session.logout()

[2010-04-16 davidfischer]
The methods will probably be something like system.login() and system.logout(). They probably won't return anything, but rather simply authenticate the session. These will probably be disabled by default but could be enabled with an entry in settings.py.

Moreover, RPC4Django could provide an admin interface for setting ad-hoc users/roles for restricting ws access.

[2010-04-16 davidfischer]
The admin interface is handled by the existing Django admin interface. Users are Django users and roles are Django permissions. There's no reason to re-invent the wheel.

Blueprint information

Status: Complete
Approver: davidfischer
Priority: Medium
Drafter: Simone Orsi
Direction: Approved
Assignee: davidfischer
Definition: Approved
Series goal: Accepted for main
Implementation: Implemented
Milestone target: 0.1.8
Started by: davidfischer on 2010-10-27
Completed by: davidfischer on 2010-10-27

Whiteboard

Other than the few changes I noted in the description, I think this can proceed.

[2010-10-26 davidfischer]
I've been busy, but this is finally implemented in 0.1.8. The big issue is that it requires a cookie-aware transport. See http://packages.python.org/rpc4django/usage/auth.html#ootb-auth.

Also, I created a bug report (#667296) about this since RPC4Django should really include a cookie-aware transport to make this feature useful.
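
A sketch of the cookie-aware transport that the comments above say the login feature requires, added here as an example (it is not RPC4Django's code and not part of the original blueprint). It uses Python 3's xmlrpc.client, the successor of xmlrpclib, and assumes system.login(username, password) and system.logout() as the method signatures; the server URI and the protected method name are placeholders.

```python
import urllib.request
from http.cookiejar import CookieJar
from xmlrpc.client import SafeTransport, ServerProxy


class CookieTransport(SafeTransport):
    """XML-RPC transport that keeps the session cookie set by system.login().

    Built on SafeTransport (HTTPS) because the login call carries a password
    and the cookie that follows is a bearer credential. CookieJar applies
    the usual domain, path, Secure and expiry rules.
    """

    def __init__(self, *args, **kwargs):
        super().__init__(*args, **kwargs)
        self.jar = CookieJar()
        self.url = None  # URL of the request in flight

    def send_request(self, host, handler, request_body, debug):
        # get_host_info() strips any user:password@ prefix from the host.
        self.url = "https://%s%s" % (self.get_host_info(host)[0], handler)
        return super().send_request(host, handler, request_body, debug)

    def send_headers(self, connection, headers):
        # Let the jar decide which stored cookies match this URL.
        probe = urllib.request.Request(self.url)
        self.jar.add_cookie_header(probe)
        cookie = probe.get_header("Cookie")
        if cookie:
            headers = list(headers) + [("Cookie", cookie)]
        super().send_headers(connection, headers)

    def parse_response(self, response):
        # Store new cookies and drop any the server has expired.
        self.jar.extract_cookies(response, urllib.request.Request(self.url))
        return super().parse_response(response)


def demo(uri, username, password):
    """Log in, call one protected method, log out. Needs a live server."""
    # system.login/system.logout signatures are assumptions (see lead-in);
    # call_to_my_private_method is the placeholder name used in the blueprint.
    server = ServerProxy(uri, transport=CookieTransport())
    server.system.login(username, password)
    try:
        return server.call_to_my_private_method()
    finally:
        server.system.logout()
```

Use one transport instance per ServerProxy; the jar already refuses to send a cookie to a host other than the one that set it.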
