@masci commented Sep 10, 2013

No description provided.

@coveralls

Coverage remained the same when pulling 1e13b87 on auth_backend into 88ae620 on master.

@synasius

I think you can merge this PR!

BTW, what about the 'scopes' of the access token? Should we involve them somehow in the authentication process?

Suppose we have a view 'A'. This view needs the user to have permission 'P' (provided by the Django permissions system) and requires scope 'S'. What happens if a user that has permission 'P' authenticates using a token that does not provide scope 'S'? Should we check both? How?

Just speculating, but we should look deeper into the problem.

@masci commented Sep 11, 2013

With the current implementation, the authentication process does not take scopes into account at all.
This will not prevent users from protecting views with the OAuth2 protocol and scopes utilization, either before or after authentication.

This is just one of the possible solutions, so we remain open to changes and suggestions on this matter.
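The case raised in this thread (a user holds permission 'P' but the token lacks scope 'S'), worked through as an added example that is not code from this PR or its project. It is plain Python with no Django dependency; `User`, `Token`, `authorize` and the `permission_denied` label are hypothetical names, while `invalid_token` and `insufficient_scope` are the RFC 6750 bearer-token error codes.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

@dataclass(frozen=True)
class User:              # hypothetical stand-in for a Django user
    name: str
    perms: frozenset     # permissions held by the user, e.g. {"P"}

@dataclass(frozen=True)
class Token:             # hypothetical stand-in for an OAuth2 access token
    owner: str
    scopes: frozenset    # what the owner delegated to the client
    expires: datetime

def authorize(user, token, perm, scope, now=None):
    """Return (http_status, reason); access needs BOTH the permission and the scope."""
    now = now or datetime.now(timezone.utc)
    # Authentication: the token must be live and belong to this user.
    if token is None or token.expires <= now or token.owner != user.name:
        return 401, "invalid_token"
    # Delegation: a token may carry less authority than its owner has.
    if scope not in token.scopes:
        return 403, "insufficient_scope"
    # Authorization: a scope never grants what the user cannot do themselves.
    if perm not in user.perms:
        return 403, "permission_denied"   # hypothetical label, not an RFC code
    return 200, "ok"

if __name__ == "__main__":
    now = datetime(2013, 9, 11, tzinfo=timezone.utc)   # constructed sample data
    alice = User("alice", frozenset({"P"}))
    bob = User("bob", frozenset())
    live = now + timedelta(hours=1)
    cases = {
        "perm P, scope S": (alice, Token("alice", frozenset({"S"}), live)),
        "perm P, no scope S": (alice, Token("alice", frozenset({"read"}), live)),
        "scope S, no perm P": (bob, Token("bob", frozenset({"S"}), live)),
        "expired token": (alice, Token("alice", frozenset({"S"}), now)),
    }
    for label, (user, token) in cases.items():
        print(label, "->", authorize(user, token, "P", "S", now=now))
```

Checking the scope before the permission lets the client tell a token it could replace with a broader one (`insufficient_scope`) from a request its user can never make.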
