{"id":13806036,"url":"https://github.com/wichert/pyramid_authstack","last_synced_at":"2025-09-22T06:31:40.911Z","repository":{"id":9989577,"uuid":"12020135","full_name":"wichert/pyramid_authstack","owner":"wichert","description":"Use multiple authentication policies with Pyramid.","archived":false,"fork":false,"pushed_at":"2020-03-28T20:49:12.000Z","size":172,"stargazers_count":9,"open_issues_count":3,"forks_count":6,"subscribers_count":0,"default_branch":"master","last_synced_at":"2024-05-23T08:01:19.917Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/wichert.png","metadata":{"files":{"readme":"README.rst","changelog":null,"contributing":null,"funding":null,"license":"LICENSE.txt","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2013-08-10T12:04:34.000Z","updated_at":"2023-09-07T16:00:56.000Z","dependencies_parsed_at":"2022-09-15T13:02:22.654Z","dependency_job_id":null,"html_url":"https://github.com/wichert/pyramid_authstack","commit_stats":null,"previous_names":[],"tags_count":2,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/wichert%2Fpyramid_authstack","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/wichert%2Fpyramid_authstack/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/wichert%2Fpyramid_authstack/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/wichert%2Fpyramid_authstack/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/wichert","download_url":"https://codeload.github.com/wichert/pyramid_authstack/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"h
ttps://github.com","kind":"github","repositories_count":233670664,"owners_count":18711696,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-08-04T01:01:07.323Z","updated_at":"2025-09-22T06:31:35.611Z","avatar_url":"https://github.com/wichert.png","language":"Python","funding_links":[],"categories":["Authorization"],"sub_categories":[],"readme":"Pyramid authentication stack\n============================\n\n.. image:: https://travis-ci.org/wichert/pyramid_authstack.png?branch=master\n    :target: https://travis-ci.org/wichert/pyramid_authstack\n\nThe `pyramid_authstack` package makes it possible to stack multiple\nauthentication policies in a `pyramid \u003chttp://www.pylonsproject.org\u003e`_ project.\nThis can be useful in several scenarios:\n\n- You need to be able to identify a user for a long period of time, while\n  requiring a recent login to access personal information. 
Amazon is an\n  example of a site doing this.\n\n- You want to send a newsletter to users and log the user in automatically when\n  they follow a link in the newsletter, but not automatically give them\n  access to sensitive information.\n\nConfiguring a multi-authentication policy is simple: create an instance\nof the `AuthenticationStackPolicy` object, add the authentication policies\nyou want to it and then tell Pyramid to use it.\n\n::\n\n    from pyramid.authentication import AuthTktAuthenticationPolicy\n    from pyramid_authstack import AuthenticationStackPolicy\n\n    auth_policy = AuthenticationStackPolicy()\n    # Add an authentication policy with a one-hour timeout to control\n    # access to sensitive information.\n    auth_policy.add_policy(\n        'sensitive',\n        AuthTktAuthenticationPolicy('secret', timeout=60 * 60))\n    # Add a second authentication policy with a one-year timeout so\n    # we can identify the user.\n    auth_policy.add_policy(\n        'identity',\n        AuthTktAuthenticationPolicy('secret', timeout=60 * 60 * 24 * 365))\n    config.set_authentication_policy(auth_policy)\n\nThe name used for the sub-policy (`sensitive` and `identity` in the example\nabove) will be added to the principals, prefixed with `auth:`, if the\nsub-policy can authenticate the user. This makes it very easy to check which\nauthentication policies matched in an ACL::\n\n    from pyramid.security import Allow\n\n    class MyModel(object):\n        # Only allow access if user authenticated recently.\n        __acl__ = [(Allow, 'auth:sensitive', 'view')]\n\n\nWhen you call `remember()\n\u003chttp://docs.pylonsproject.org/projects/pyramid/en/1.4-branch/api/security.html#pyramid.security.remember\u003e`_ or `forget()\n\u003chttp://docs.pylonsproject.org/projects/pyramid/en/1.4-branch/api/security.html#pyramid.security.forget\u003e`_ all sub-policies will be triggered. You can filter the list\nof policies used by adding a `policies` parameter. 
A use case where this\nis important is a user coming to the site via a link in a newsletter: in\nthat scenario you can identify the user, but do not want to give access\nto sensitive information without asking for extra credentials.\n\n::\n\n   from pyramid.security import remember\n\n   # Only set identity-authentication.\n   headers = remember(request, 'chrism', policies=['identity'])\n\n\nComparison to pyramid_multiauth\n===============================\n\nMozilla has a similar project: `pyramid_multiauth\n\u003chttps://pypi.python.org/pypi/pyramid_multiauth\u003e`_. There are a few differences\nbetween that package and this one:\n\n* pyramid_multiauth has no way to indicate which authentication policy matched,\n  which makes it unusable for my use cases unless you always use custom\n  authentication sub-policies which add a custom extra principal.  This could\n  be fixed, but it would require changing the API in a non-backward compatible\n  way.\n* pyramid_multiauth duplicates some of the callback-handling code instead of\n  reusing pyramid's CallbackAuthenticationPolicy.\n* pyramid_multiauth allows configuration via the PasteDeploy .ini file, which\n  pyramid_authstack does not support.\n\n\nChangelog\n=========\n\n1.0.1 - Unreleased\n-----------------------\n\n- Fix use of obsolete naming in the README.\n\n- Add callback parameter to constructor.\n\n\n1.0.0 - August 10, 2013\n-----------------------\n\n- First release.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fwichert%2Fpyramid_authstack","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fwichert%2Fpyramid_authstack","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fwichert%2Fpyramid_authstack/lists"}