Tornado 的多种身份验证选项
刚刚开始使用 Tornado,希望提供多种身份验证方法。目前,我的应用程序使用tornado.auth.GoogleMixin 与Google 的混合OpenID/oAuth 运行良好,未经身份验证的用户会自动发送到Google 的身份验证页面。
如果未经身份验证的用户想要使用其他选项(即本地身份验证或tornado.auth.TwitterMixin),我如何实现在登录处理程序中选择身份验证机制的逻辑?
我将装饰器“tornado.web.authenticated”添加到所有公开的方法中,这是我的登录处理程序类(几乎直接来自 Tornado 示例),它当前正在与 Google OpenID/oAuth 一起使用:
class AuthLoginHandler(BaseHandler, tornado.auth.GoogleMixin):
@tornado.web.asynchronous
def get(self):
if self.get_argument('openid.mode', None):
self.get_authenticated_user(self.async_callback(self._on_auth))
return
## redirect after auth
self.authenticate_redirect()
def _on_auth(self, user):
## auth fail
if not user:
raise tornado.web.HTTPError(500, 'Google auth failed')
## auth success
identity = self.get_argument('openid.identity', None)
## set identity in cookie
self.set_secure_cookie('identity', tornado.escape.json_encode(identity))
self.redirect('/')
感谢任何关于解决方案。谢谢
Just started playing with Tornado and want to offer multiple methods of authentication. Currently my app is working fine with Google's hybrid OpenID/oAuth using tornado.auth.GoogleMixin and the unauthenticated users are automatically sent to Google's auth page.
If an unauthenticated user wants to use another option (ie. local auth or tornado.auth.TwitterMixin), how can I implement the logic to choose an auth mechanism within the login handler?
I added the decorator 'tornado.web.authenticated' to all of my exposed methods, and here is the my login handler class (pretty much straight from the Tornado examples) which is currently working with Google OpenID/oAuth:
class AuthLoginHandler(BaseHandler, tornado.auth.GoogleMixin):
@tornado.web.asynchronous
def get(self):
if self.get_argument('openid.mode', None):
self.get_authenticated_user(self.async_callback(self._on_auth))
return
## redirect after auth
self.authenticate_redirect()
def _on_auth(self, user):
## auth fail
if not user:
raise tornado.web.HTTPError(500, 'Google auth failed')
## auth success
identity = self.get_argument('openid.identity', None)
## set identity in cookie
self.set_secure_cookie('identity', tornado.escape.json_encode(identity))
self.redirect('/')
Appreciate any suggestions for a solution. Thanks
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
我认为最简单的方法是将 AuthLoginHandler 更改为更具体的内容,例如 GoogleAuthHandler,并为此创建适当的路由:
等等。
然后只需在页面上创建
指向 每个身份验证提供程序的链接:更有趣的是,您可以将提供者作为选择框提供,或者如果您想要真正花哨,您可以解析他们的“openid”URL(例如,如果 username.google.com, self.redirect("/login/google" ),但这假设用户知道他们的 OpenID 提供商 URL,但我猜如果您给他们一个 google / facebook / twitter 图标或点击的东西,那通常不会让大多数人感到困惑。
I think the easiest way to do it would be to change the AuthLoginHandler to something more specific, like GoogleAuthHandler, and create an appropriate route for that:
etc.
Then simply create links to each authentication provider on the page ala:
If you wanted to make it fancier, you could provide the providers as a select box, or if you wanted to get REALLY fancy, you could parse their 'openid' URL (e.g., if username.google.com, self.redirect("/login/google"), but that assumes that users know their OpenID provider URLs, which is usually not the case. I'd guess if you gave them a google / facebook / twitter icon or something to click on that would confuse the least number of people.
我自己也遇到过这个问题,但情况略有不同。
一种解决方案实际上是做这样的事情。
I came upon this problem myself but in a slightly different circumstance.
One solution is actually to do something like this.