Teapot: Managing authentication by a third party (Fossil)
I'm trying to make some tests on a distributed wiki provided by Fossil as
a backend for storage/auth, Mustache + Material Design Lite for the
frontend and Teapot used as middleware for logic and connecting
frontend and backend. Teapot is connected with Fossil via JSON and
domain objects are stored as Fossil wiki pages. So far the experiment is
going well, but now I'm wondering about how to do authentication.
In my experiments I use the Fossil user and password to get an auth
token that is used via Fossil's JSON API to make all the operations
that require permissions on the repository, and now I wonder how this
strategy should be implemented for "real" (for the tests, I read the
password data from a local temporary file).
- Is there some User Management Framework or project for Teapot or Zinc,
without going to more complex frameworks like Seaside or Aida?
- Should I have some "Sessions" object that stores logged-in users,
passwords and/or auth tokens inside the image and deletes them once the
user has logged off and/or on a time basis?
- Any other strategy or lite user auth framework that I have not thought of?
Any advice or experience in dealing with a similar scenario is greatly
Re: Teapot: Managing authentication by a third party (Fossil)
IMO it depends on how the API works. Most REST APIs are stateless and the authentication token or API key is sent in each request; there is no login/logout operation. In this case you can set up a before filter and check the authentication token in the filter. If you use normal form-based login then using HTTP sessions is the way to go. You can check the session attribute in a before filter similarly, and redirect the user to the login page if there is no session info.
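
The two before-filter styles described in the reply above, as an added example that is not part of the original thread and is not Teapot's or Fossil's own code. It assumes Teapot's `before:`, `abort:`, `TeaResponse unauthorized`, `TeaResponse redirect` and `req session` as documented in the Teapot README, and that `TeaRequest>>headers` answers the request's `ZnHeaders`; the `validTokens` set, the `tokenOf` block, the routes and the sample token are hypothetical.

```smalltalk
"Added example. Names marked hypothetical are assumptions, not Teapot or Fossil API."
| validTokens tokenOf |

"Hypothetical server-side set of currently valid auth tokens (constructed value).
 Only tokens are kept in the image, never user passwords."
validTokens := Set with: 'constructed-sample-token'.

"Hypothetical helper: answer the token from an 'Authorization: Bearer <token>'
 header, or nil when the header is missing or has another scheme.
 Assumption: TeaRequest>>headers answers the underlying ZnHeaders."
tokenOf := [ :req | | header |
	header := req headers at: 'Authorization' ifAbsent: [ '' ].
	(header beginsWith: 'Bearer ')
		ifTrue: [ header allButFirst: 7 ]
		ifFalse: [ nil ] ].

Teapot on
	"Stateless API: every request under /api/ must carry a valid token.
	 A missing token yields nil, which is never in the set, so the request is rejected."
	before: '/api/*' -> [ :req |
		(validTokens includes: (tokenOf value: req))
			ifFalse: [ req abort: TeaResponse unauthorized ] ];
	"Form-based login: pages under /wiki/ need a session carrying a #user attribute.
	 Without one, the browser is sent to the login page."
	before: '/wiki/*' -> [ :req |
		req session
			attributeAt: #user
			ifAbsent: [ req abort: (TeaResponse redirect location: '/login') ] ];
	"Hypothetical routes; they are only reached when the filter above did not abort."
	GET: '/api/pages' -> [ :req | 'token accepted' ];
	GET: '/wiki/home' -> [ :req | 'session accepted' ];
	GET: '/login' -> [ :req | 'login form goes here' ];
	start.
```

The `/login` route sits outside both filter patterns, so an unauthenticated user can always reach it.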