keystone.auth.plugins.base module¶
- class keystone.auth.plugins.base.AuthHandlerResponse(status, response_body, response_data)¶
Bases:
tuple- response_body¶
Alias for field number 1
- response_data¶
Alias for field number 2
- status¶
Alias for field number 0
- class keystone.auth.plugins.base.AuthMethodHandler[source]¶
Bases:
ProviderAPIMixin,objectAbstract base class for an authentication plugin.
- abstract authenticate(auth_payload)[source]¶
Authenticate user and return an authentication context.
- Parameters:
auth_payload (dict) – the payload content of the authentication request for a given method
If successful, plugin must set
user_idinresponse_data.method_nameis used to convey any additional authentication methods in case authentication is for re-scoping. For example, if the authentication is for re-scoping, plugin must append the previous method names intomethod_names; NOTE: This behavior is exclusive to the re-scope type action. Here’s an example ofresponse_dataon successful authentication:{ "methods": [ "password", "token" ], "user_id": "abc123" }
Plugins are invoked in the order in which they are specified in the
methodsattribute of theidentityobject. For example,custom-pluginis invoked beforepassword, which is invoked beforetokenin the following authentication request:{ "auth": { "identity": { "custom-plugin": { "custom-data": "sdfdfsfsfsdfsf" }, "methods": [ "custom-plugin", "password", "token" ], "password": { "user": { "id": "s23sfad1", "password": "secret" } }, "token": { "id": "sdfafasdfsfasfasdfds" } } } }
- Returns:
AuthHandlerResponse with status set to
Trueif auth was successful. If status isFalseand this is a multi-step auth, theresponse_bodycan be in a form of a dict for the next step in authentication.- Raises:
keystone.exception.Unauthorized – for authentication failure
