keystone.auth.plugins.base module

class keystone.auth.plugins.base.AuthHandlerResponse(status, response_body, response_data)
    Bases: tuple

    response_body
        Alias for field number 1

    response_data
        Alias for field number 2

    status
        Alias for field number 0

class keystone.auth.plugins.base.AuthMethodHandler
    Bases: keystone.common.provider_api.ProviderAPIMixin, object

    Abstract base class for an authentication plugin.

    abstract authenticate(auth_payload)
        Authenticate user and return an authentication context.

        Parameters
            auth_payload (dict) – the payload content of the authentication request for a given method

        If successful, plugin must set user_id in response_data. method_name is used to convey any additional authentication methods in case authentication is for re-scoping. For example, if the authentication is for re-scoping, plugin must append the previous method names into method_names. NOTE: This behavior is exclusive to the re-scope type action. Here’s an example of response_data on successful authentication:

            {
                "methods": [
                    "password",
                    "token"
                ],
                "user_id": "abc123"
            }

        Plugins are invoked in the order in which they are specified in the methods attribute of the identity object. For example, custom-plugin is invoked before password, which is invoked before token in the following authentication request:

            {
                "auth": {
                    "identity": {
                        "custom-plugin": {
                            "custom-data": "sdfdfsfsfsdfsf"
                        },
                        "methods": [
                            "custom-plugin",
                            "password",
                            "token"
                        ],
                        "password": {
                            "user": {
                                "id": "s23sfad1",
                                "password": "secret"
                            }
                        },
                        "token": {
                            "id": "sdfafasdfsfasfasdfds"
                        }
                    }
                }
            }

        Returns
            AuthHandlerResponse with status set to True if auth was successful. If status is False and this is a multi-step auth, the response_body can be in a form of a dict for the next step in authentication.

        Raises
            keystone.exception.Unauthorized – for authentication failure
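
The authenticate() contract described above, sketched as an added example (not keystone's own code): two plugins and a driver that invokes them in methods order, passes a status-False response_body back for the next step, and fails closed. DemoPassword, DemoChallenge, run_methods, the sample credentials and the stand-in AuthHandlerResponse and Unauthorized are all assumptions made so the sketch runs without keystone installed; the driver's rejection of a missing or inconsistent user_id is this example's own defensive check.

```python
import hmac
from collections import namedtuple

# Stand-ins so the sketch runs without keystone; field order matches the
# documented tuple (status=0, response_body=1, response_data=2).
AuthHandlerResponse = namedtuple(
    "AuthHandlerResponse", "status, response_body, response_data")

class Unauthorized(Exception):
    """Stand-in for keystone.exception.Unauthorized."""

class DemoPassword:  # hypothetical plugin
    USERS = {"s23sfad1": "secret"}  # constructed sample credentials

    def authenticate(self, auth_payload):
        user = auth_payload.get("user", {})
        expected = self.USERS.get(user.get("id"))
        supplied = str(user.get("password", ""))
        # Constant-time comparison; unknown user and bad password look alike.
        if expected is None or not hmac.compare_digest(
                expected.encode(), supplied.encode()):
            raise Unauthorized("invalid credentials")
        return AuthHandlerResponse(True, None, {"user_id": user["id"]})

class DemoChallenge:  # hypothetical two-step plugin, constructed nonce
    def authenticate(self, auth_payload):
        if "answer" not in auth_payload:
            # Step 1: status False plus a dict describing the next step.
            return AuthHandlerResponse(False, {"challenge": "demo-nonce"}, None)
        if auth_payload["answer"] != "demo-nonce":
            raise Unauthorized("bad challenge answer")
        return AuthHandlerResponse(True, None, {"user_id": "s23sfad1"})

def run_methods(identity, plugins):
    """Hypothetical driver: call plugins in the order given by `methods`."""
    context = {"methods": [], "user_id": None}
    for name in identity["methods"]:
        if name not in plugins or name not in identity:
            raise Unauthorized("unknown or empty method: %s" % name)
        resp = plugins[name].authenticate(identity[name])
        if not resp.status:
            return resp  # multi-step: hand response_body back to the client
        uid = (resp.response_data or {}).get("user_id")
        if not uid or context["user_id"] not in (None, uid):
            raise Unauthorized("missing or inconsistent user_id")
        context["methods"].append(name)
        context["user_id"] = uid
    return AuthHandlerResponse(True, None, context)
```
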
-
abstract