geofront.team — Team authentication
Geofront doesn’t force you to manage team members yourself. Instead it hides how team members are managed and offers Team, a layering interface for implementing a custom team data provider, e.g. GitHubOrganization.
It is theoretically possible to implement a straightforward RDBMS-backed team provider, but we recommend adapting your existing team data instead, e.g. a GitHub organization, Google Apps organization, or Bitbucket team.
- exception geofront.team.AuthenticationError
Authentication exception raised when the authentication process has trouble, including network problems.
- class geofront.team.Team
Backend interface for team membership authentication.
The authorization process consists of three steps (and therefore every backend subclass has to implement these three methods):
- request_authentication() makes the URL to interact with the owner of the identity to authenticate, i.e. the URL of the backend service's login web page.
- authenticate() finalizes authentication of the identity, and then returns an Identity.
- authorize() tests whether the given Identity belongs to the team. It might be a redundant step for several backends, but it is a necessary step for backends that distinguish identity authentication from team membership authorization. For example, any Gmail user can authenticate that they own their Gmail account, but only particular users can authenticate that their account belongs to the configured Google Apps organization.
- authenticate(auth_nonce: str, requested_redirect_url: str, wsgi_environ: collections.abc.Mapping) → geofront.identity.Identity
Second step of the authentication process, to create a verification token for the identity. The token is used by the authorize() method, and by the key store as well (if available).
Parameters:
- auth_nonce (str) – a random string that guarantees this call is part of the same process as the preceding request_authentication() call, which is the first step
- requested_redirect_url (str) – a URL that was passed to request_authentication()'s redirect_url parameter
- wsgi_environ (collections.abc.Mapping) – the forwarded WSGI environ dictionary
Returns: an identity which contains a verification token
Return type: geofront.identity.Identity
Raises geofront.team.AuthenticationError: when something goes wrong, e.g. network errors, or the user failed to verify their ownership
- authorize(identity: geofront.identity.Identity) → bool
The last step of the authentication process. Tests whether the given identity belongs to the team.
Note that it can be called every time the owner communicates with the Geofront server, outside of the authentication process.
Parameters: identity (Identity) – the identity to authorize
Returns: True only if the identity is a member of the team
Return type: bool
- request_authentication(auth_nonce: str, redirect_url: str) → str
First step of the authentication process, to prepare the “sign in” interaction with the owner. It typically returns a URL to the login web page.
Returns: a URL to the web page to interact with the owner in their browser
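The three steps above, sketched as an added example that is not Geofront's own code: a hypothetical DemoTeam backend that binds the callback to auth_nonce and re-checks the token and membership in authorize(). AuthenticationError and Identity are stand-ins for the Geofront classes so the sketch runs without Geofront installed; the login URL, the state/token callback parameters and the token table are assumptions.

```python
import hmac
from collections import namedtuple
from urllib.parse import parse_qs, urlencode

# Stand-ins (assumption) for geofront.team.AuthenticationError and
# geofront.identity.Identity, so the sketch runs on its own.
class AuthenticationError(Exception):
    pass

Identity = namedtuple('Identity', 'team_type identifier access_token')


class DemoTeam:
    """Hypothetical backend; a real one would subclass geofront.team.Team."""

    LOGIN_URL = 'https://idp.example/login'  # constructed placeholder URL

    def __init__(self, members, issued_tokens):
        self.members = set(members)         # logins currently in the team
        self.issued_tokens = issued_tokens  # token -> login; stands in for the backend API

    def request_authentication(self, auth_nonce, redirect_url):
        # Step 1: carry the nonce through the login page so the callback echoes it.
        query = urlencode({'state': auth_nonce, 'redirect_uri': redirect_url})
        return self.LOGIN_URL + '?' + query

    def authenticate(self, auth_nonce, requested_redirect_url, wsgi_environ):
        # Step 2: reject callbacks that do not belong to this sign-in attempt.
        params = parse_qs(wsgi_environ.get('QUERY_STRING', ''))
        state = params.get('state', [''])[0]
        if not hmac.compare_digest(state.encode(), auth_nonce.encode()):
            raise AuthenticationError('nonce mismatch')
        token = params.get('token', [''])[0]
        login = self.issued_tokens.get(token)
        if login is None:
            raise AuthenticationError('ownership not verified')
        return Identity(type(self), login, token)

    def authorize(self, identity):
        # Step 3: runs on every request, so a revoked token or a removed
        # member loses access without a new sign-in.
        valid = self.issued_tokens.get(identity.access_token) == identity.identifier
        return valid and identity.identifier in self.members
```

An identity can pass authenticate() and still fail authorize(), which is the Gmail versus Google Apps organization distinction described above.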