-
Notifications
You must be signed in to change notification settings - Fork 56
How it works?
Aitor Magán García edited this page Jul 21, 2014
·
1 revision
- If the user tries to perform a log in and it's not currently logged in, a 401 exception is raised by the
login
function of theplugin.py
file. Under this circumstances, is the functionchallenge
called. This function will only redirect the user to the OAuth2 Server log in page when a login attempt is performed. Thechallenge
function ignores the 401 exceptions raised because the user doesn't have grants to perform an operation. - Once that the user completes the log in, he or she is redirected to the page
/oauth2/callback
of the CKAN instance. In this case, theidentify
function of therepozewho.py
file captures the request and tries to get the OAuth2 token. If the operation can be performed without exceptions, theauthenticate
function will be executed with the value returned by theidentify
function. Otherwise, a message error will be shown. - The
authenticate
function should return the user identifier. To do so, the function asks for the basic user information to the OAuth2 server with the token returned by theidentify
function. Once that the user identifier is got, the user model is asked for that user. If the user does not exist, it's created. Otherwise, the user is updated. Finally the function returns the user identifier. - Then, the
remember
function is called to set the cookies that allow the system to identify the user without performing another login attempt. - The
identify
function of theplugin.py
file read the propertyrepoze.who.identity
from the request environ. This variable is automatically set using the cookies stored by the authenticate process explained above. If the user is logged, this variable contains the user identifier. In this case, the variabletoolkit.c.user
is set to the user identifier. Otherwise, the variable is set to None.