keystone.auth.plugins.base module¶
-
class
keystone.auth.plugins.base.AuthHandlerResponse(status, response_body, response_data)¶ Bases:
tuple-
response_body¶ Alias for field number 1
-
response_data¶ Alias for field number 2
-
status¶ Alias for field number 0
-
-
class
keystone.auth.plugins.base.AuthMethodHandler[source]¶ Bases:
keystone.common.provider_api.ProviderAPIMixin,objectAbstract base class for an authentication plugin.
-
authenticate(auth_payload)[source]¶ Authenticate user and return an authentication context.
Parameters: auth_payload (dict) – the payload content of the authentication request for a given method If successful, plugin must set
user_idinresponse_data.method_nameis used to convey any additional authentication methods in case authentication is for re-scoping. For example, if the authentication is for re-scoping, plugin must append the previous method names intomethod_names; NOTE: This behavior is exclusive to the re-scope type action. Here’s an example ofresponse_dataon successful authentication:{ "methods": [ "password", "token" ], "user_id": "abc123" }
Plugins are invoked in the order in which they are specified in the
methodsattribute of theidentityobject. For example,custom-pluginis invoked beforepassword, which is invoked beforetokenin the following authentication request:{ "auth": { "identity": { "custom-plugin": { "custom-data": "sdfdfsfsfsdfsf" }, "methods": [ "custom-plugin", "password", "token" ], "password": { "user": { "id": "s23sfad1", "password": "secret" } }, "token": { "id": "sdfafasdfsfasfasdfds" } } } }
Returns: AuthHandlerResponse with status set to Trueif auth was successful. If status isFalseand this is a multi-step auth, theresponse_bodycan be in a form of a dict for the next step in authentication.Raises: keystone.exception.Unauthorized – for authentication failure
-
Except where otherwise noted, this document is licensed under Creative Commons Attribution 3.0 License. See all OpenStack Legal Documents.