The keystone.auth.core Module

class keystone.auth.core.AuthMethodHandler(*args, **kwargs)

Bases: object

Abstract base class for an authentication plugin.

authenticate(context, auth_payload, auth_context)

Authenticate user and return an authentication context.

Parameters:

  * context – keystone’s request context
  * auth_payload – the content of the authentication for a given method
  * auth_context – user authentication context, a dictionary shared by all plugins. It contains “method_names” and “extras” by default. “method_names” is a list and “extras” is a dictionary.

If successful, the plugin must set “user_id” in “auth_context”. “method_names” is used to convey any additional authentication methods in case authentication is for re-scoping. For example, if the authentication is for re-scoping, the plugin must append the previous method names into “method_names”. Also, the plugin may add any additional information into “extras”. Anything in “extras” will be conveyed in the token’s “extras” field. Here’s an example of “auth_context” on successful authentication:

    {"user_id": "abc123",
     "methods": ["password", "token"],
     "extras": {}}

Plugins are invoked in the order in which they are specified in the “methods” attribute of the “identity” object. For example, with the following authentication request,

    {"auth": {
        "identity": {
            "methods": ["custom-plugin", "password", "token"],
            "token": {
                "id": "sdfafasdfsfasfasdfds"
            },
            "custom-plugin": {
                "custom-data": "sdfdfsfsfsdfsf"
            },
            "password": {
                "user": {
                    "id": "s23sfad1",
                    "password": "secrete"
                }
            }
        }
    }}

plugins will be invoked in this order:

  1. custom-plugin
  2. password
  3. token

Returns: None if authentication is successful. Authentication payload in the form of a dictionary for the next authentication step if this is a multi step authentication.
Raises: exception.Unauthorized for authentication failure
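
The contract above, sketched as an added example that is not keystone's own code: two plugins and a dispatcher that calls them in the order given by "methods", treats None as success, hands back a dictionary for a multi-step method, and refuses to finish unless some plugin set "user_id". Unauthorized and AuthMethodHandler are local stand-ins so the block runs without keystone; DemoPassword, DemoChallenge, run_plugins and all credential values are hypothetical and constructed.

```python
import hmac


class Unauthorized(Exception):
    """Stand-in for keystone's exception.Unauthorized (assumption)."""


class AuthMethodHandler:
    """Stand-in for keystone.auth.core.AuthMethodHandler (assumption)."""
    def authenticate(self, context, auth_payload, auth_context):
        raise NotImplementedError


class DemoPassword(AuthMethodHandler):
    secrets = {"s23sfad1": "secrete"}  # constructed credential store
    def authenticate(self, context, auth_payload, auth_context):
        user = auth_payload.get("user", {})
        expected = self.secrets.get(user.get("id"))
        supplied = str(user.get("password", "")).encode()
        # Unknown user and wrong password fail identically.
        if expected is None or not hmac.compare_digest(expected.encode(), supplied):
            raise Unauthorized("invalid user or password")
        auth_context["user_id"] = user["id"]  # required on success
        return None  # None means this method succeeded


class DemoChallenge(AuthMethodHandler):
    def authenticate(self, context, auth_payload, auth_context):
        if "answer" not in auth_payload:  # first step of a multi-step method
            return {"challenge": "constructed-nonce"}
        answer = str(auth_payload["answer"]).encode()
        if not hmac.compare_digest(answer, b"constructed-answer"):
            raise Unauthorized("bad challenge answer")
        return None


def run_plugins(plugins, identity, context=None):
    """Hypothetical dispatcher: call plugins in the order of identity['methods']."""
    auth_context = {"method_names": [], "extras": {}}
    for name in identity["methods"]:
        if name not in plugins or name not in identity:
            raise Unauthorized("unsupported or missing method: %s" % name)
        next_step = plugins[name].authenticate(context, identity[name], auth_context)
        if next_step is not None:  # multi-step: hand the next payload back
            return next_step, auth_context
        auth_context["method_names"].append(name)  # assumption: caller records it
    if "user_id" not in auth_context:
        raise Unauthorized("no plugin set user_id")
    return None, auth_context
```

A plugin that returns None without ever setting "user_id" is rejected by the final check in run_plugins, so a method that only proves possession of a factor cannot complete authentication on its own.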
