Bases: object
Abstract base class for an authentication plugin.
Authenticate user and return an authentication context.
Parameter | Description |
---|---|
context | keystone’s request context |
auth_payload | the content of the authentication for a given method |
auth_context | user authentication context, a dictionary shared by all plugins. It contains “method_names” and “extras” by default. “method_names” is a list and “extras” is a dictionary. |
If successful, the plugin must set “user_id” in “auth_context”. “method_names” is used to convey any additional authentication methods in case authentication is for re-scoping. For example, if the authentication is for re-scoping, the plugin must append the previous method names into “method_names”. The plugin may also add any additional information into “extras”. Anything in “extras” will be conveyed in the token’s “extras” field. Here’s an example of “auth_context” on successful authentication.
Plugins are invoked in the order in which they are specified in the “methods” attribute of the “authentication” request body. For example, with the following authentication request,

    {"auth": {
        "identity": {
            "methods": ["custom-plugin", "password", "token"],
            "token": {
                "id": "sdfafasdfsfasfasdfds"
            },
            "custom-plugin": {
                "custom-data": "sdfdfsfsfsdfsf"
            },
            "password": {
                "user": {
                    "id": "s23sfad1",
                    "password": "secrete"
                }
            }
        }
    }}

plugins will be invoked in this order:
Returns: | None if authentication is successful. Authentication payload in the form of a dictionary for the next authentication step if this is a multi-step authentication. |
---|---|
Raises: | exception.Unauthorized for authentication failure |
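
The contract described above, as an added sketch that is not keystone's own code: two plugins that follow the authenticate(context, auth_payload, auth_context) rules and a dispatcher that calls them in "methods" order. The names `run_plugins`, `PasswordPlugin`, `TokenPlugin`, `USERS`, `TOKENS` and the local `Unauthorized` class are assumptions, and the dispatcher's method-name bookkeeping and user-mismatch check are this sketch's own choices.

```python
import hmac

class Unauthorized(Exception):
    """Local stand-in for keystone's exception.Unauthorized."""

# Constructed sample data, not real credentials or tokens.
USERS = {"s23sfad1": "secrete"}
TOKENS = {"sdfafasdfsfasfasdfds": {"user_id": "s23sfad1", "methods": ["password"]}}

class PasswordPlugin:
    def authenticate(self, context, auth_payload, auth_context):
        user = auth_payload.get("user", {})
        expected = USERS.get(user.get("id"))
        supplied = str(user.get("password", ""))
        # Constant-time compare; unknown user and bad password fail the same way.
        if expected is None or not hmac.compare_digest(expected.encode(), supplied.encode()):
            raise Unauthorized("invalid user or password")
        auth_context["user_id"] = user["id"]  # required on success
        # Falling through returns None: single-step authentication succeeded.

class TokenPlugin:
    def authenticate(self, context, auth_payload, auth_context):
        prev = TOKENS.get(auth_payload.get("id"))
        if prev is None:
            raise Unauthorized("unknown token")
        auth_context["user_id"] = prev["user_id"]
        # Re-scoping: carry over the methods that produced the previous token.
        names = auth_context["method_names"]
        names += [m for m in prev["methods"] if m not in names]
        auth_context["extras"]["rescoped"] = True  # ends up in the token's extras

def run_plugins(identity, plugins, context=None):
    """Hypothetical dispatcher: invoke plugins in the order listed in "methods"."""
    auth_context = {"method_names": [], "extras": {}}
    for name in identity["methods"]:
        if name not in plugins or name not in identity:
            raise Unauthorized("unsupported method or missing payload: " + name)
        seen = auth_context.get("user_id")
        step = plugins[name].authenticate(context, identity[name], auth_context)
        if step is not None:  # multi-step: hand the payload back for the next round
            return {name: step}, auth_context
        if seen is not None and auth_context.get("user_id") != seen:
            raise Unauthorized("methods authenticated different users")
        auth_context["method_names"].append(name)  # this sketch's own bookkeeping
    if "user_id" not in auth_context:  # fail closed if no plugin identified a user
        raise Unauthorized("no plugin set user_id")
    return None, auth_context
```
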