keystone.auth.plugins.base.
AuthHandlerResponse
(status, response_body, response_data)¶Bases: tuple
response_body
¶Alias for field number 1
response_data
¶Alias for field number 2
status
¶Alias for field number 0
keystone.auth.plugins.base.
AuthMethodHandler
[source]¶Bases: keystone.common.provider_api.ProviderAPIMixin
, object
Abstract base class for an authentication plugin.
authenticate
(auth_payload)[source]¶Authenticate user and return an authentication context.
Parameters: | auth_payload (dict) – the payload content of the authentication request for a given method |
---|
If successful, plugin must set user_id
in response_data
.
method_name
is used to convey any additional authentication methods
in case authentication is for re-scoping. For example, if the
authentication is for re-scoping, plugin must append the previous
method names into method_names
; NOTE: This behavior is exclusive
to the re-scope type action. Here’s an example of response_data
on
successful authentication:
{
"methods": [
"password",
"token"
],
"user_id": "abc123"
}
Plugins are invoked in the order in which they are specified in the
methods
attribute of the identity
object. For example,
custom-plugin
is invoked before password
, which is invoked
before token
in the following authentication request:
{
"auth": {
"identity": {
"custom-plugin": {
"custom-data": "sdfdfsfsfsdfsf"
},
"methods": [
"custom-plugin",
"password",
"token"
],
"password": {
"user": {
"id": "s23sfad1",
"password": "secret"
}
},
"token": {
"id": "sdfafasdfsfasfasdfds"
}
}
}
}
Returns: | AuthHandlerResponse with status set to True if auth was
successful. If status is False and this is a multi-step
auth, the response_body can be in a form of a dict for
the next step in authentication. |
---|---|
Raises: | keystone.exception.Unauthorized – for authentication failure |
Except where otherwise noted, this document is licensed under Creative Commons Attribution 3.0 License. See all OpenStack Legal Documents.