Additional Keystone Strategies #1

Open
bradgignac opened this issue Jul 7, 2015 · 3 comments
@bradgignac
Collaborator

When attempting to use this library on a few Rackspace projects, I realized the provided strategy is really intended for a web app where the username and password are provided on a login screen and the result of authentication is stored in the session. While this works great for a web app with a UI, it doesn't translate to building an API where an auth token is provided and must be validated using the Keystone API. In order to allow this library to work well with APIs, I'm proposing the following changes to this library:

  1. Rename Strategy to AuthenticationStrategy that corresponds to Token Authentication
  2. Add support for API key-based authentication to AuthenticationStrategy that corresponds to Example 4.57.
  3. Add TokenValidationStrategy that corresponds to the token validation call in the admin API.
  4. Stop exporting a default strategy. Instead, use named exports to export each individual strategy.
  5. Extract a common set of models for interacting with the result of authentication and validation.
  6. Implement a Connect middleware for session expiration based on token expiration.

Additionally, we might want some additional changes in the future:

  • Support for Keystone v3.
  • Cache the results of token validation in a store like Redis or Memcached.
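
Added example (not part of the issue and not this library's code): one way the proposed token-validation cache could behave, keying entries on a SHA-256 digest of the token and capping each entry's lifetime at the token's own expiry. It assumes a Keystone v2.0 style `access` response body; `toValidationResult`, `ValidationCache` and `SAMPLE_BODY` are hypothetical names, and the sample data is constructed.

```javascript
// Added example: hypothetical names, not this library's API.
const { createHash } = require("node:crypto");

// Reduce a validation response to token expiry, user and service catalog.
// Assumes the Keystone v2.0 "access" envelope.
function toValidationResult(body) {
  const access = body && body.access;
  if (!access || !access.token || !access.token.expires) {
    throw new Error("malformed validation response");
  }
  const expiresAt = Date.parse(access.token.expires);
  if (Number.isNaN(expiresAt)) throw new Error("unparseable token expiry");
  return { expiresAt, user: access.user || null,
           serviceCatalog: access.serviceCatalog || [] };
}

class ValidationCache {
  constructor(maxTtlMs) {
    this.maxTtlMs = maxTtlMs;
    this.entries = new Map(); // in-memory stand-in for Redis or Memcached
  }
  // Key on a digest so raw bearer tokens never sit in the cache store.
  static key(token) {
    return createHash("sha256").update(token).digest("hex");
  }
  set(token, result, now) {
    // Never cache past the token's own expiry, whatever the configured TTL.
    const until = Math.min(now + this.maxTtlMs, result.expiresAt);
    if (until <= now) return false; // already expired: do not cache
    this.entries.set(ValidationCache.key(token), { result, until });
    return true;
  }
  get(token, now) {
    const k = ValidationCache.key(token);
    const hit = this.entries.get(k);
    if (!hit) return null;
    if (now >= hit.until) { this.entries.delete(k); return null; }
    return hit.result;
  }
}

// Constructed sample body (not captured from a real service).
const SAMPLE_BODY = { access: {
  token: { id: "constructed-token-id", expires: "2015-07-07T12:00:00Z" },
  user: { id: "u-1", name: "demo" },
  serviceCatalog: [{ name: "cloudFiles", type: "object-store" }],
} };
```

A cache miss (`get` returning `null`) is the signal to call the admin API again; a token rejected there is never stored.
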
@eddywashere
Owner

:: shakes dust off project ::

Thanks for the detailed issue! Originally just needed something to plug and play with an express web app. So many assumptions, glad you still checked this out and gave feedback.

  1. took me a while to realize what auth types were supported, then I clicked to expand the details for the anchor link. 👍
  2-4. 👍
  5. it's been a while, but I'm really only familiar with service catalogs, anything else out there?
  6. new project or include it here?

These items are a great proposal for a v1 release and in general a solid direction for this project. I added you as a collaborator if you've got some of these ideas to push to a branch. Also, wouldn't mind pushing this somewhere a bit more visible like github.com/rackerlabs. Just give me a 👍 and I'll move it over.

@bradgignac
Collaborator Author

  5. it's been a while, but I'm really only familiar with service catalogs, anything else out there?

It exposes the service catalog, the current user, and information about the token.

  6. new project or include it here?

It probably won't be in my first pass of work anyway since we don't actually need it for my project, so we can defer the decision.

@bjamet

bjamet commented Feb 13, 2017

Hi
Are these issues still open?
I'm using a fork of this library, and bumped into some of these problems, so I will develop the workaround soon.
