Bases: keystone.common.controller.V3Controller
Bases: object
Encapsulation of “auth” request.
Get scope information.
Verify and return the scoping information.
Returns: | (domain_id, project_id, trust_ref). If scope to a project, (None, project_id, None) will be returned. If scoped to a domain, (domain_id, None, None) will be returned. If scoped to a trust, (None, project_id, trust_ref), Will be returned, where the project_id comes from the trust definition. If unscoped, (None, None, None) will be returned. |
---|
Bases: object
Abstract base class for an authentication plugin.
Authenticate user and return an authentication context.
Parameters: | context – keystone’s request context |
---|---|
Auth_payload: | the content of the authentication for a given method |
Auth_context: | user authentication context, a dictionary shared by all plugins. It contains “method_names” and “extras” by default. “method_names” is a list and “extras” is a dictionary. |
If successful, plugin must set user_id in auth_context. method_name is used to convey any additional authentication methods in case authentication is for re-scoping. For example, if the authentication is for re-scoping, plugin must append the previous method names into method_names. Also, plugin may add any additional information into extras. Anything in extras will be conveyed in the token’s extras attribute. Here’s an example of auth_context on successful authentication:
{
"extras": {},
"methods": [
"password",
"token"
],
"user_id": "abc123"
}
Plugins are invoked in the order in which they are specified in the methods attribute of the identity object. For example, custom-plugin is invoked before password, which is invoked before token in the following authentication request:
{
"auth": {
"identity": {
"custom-plugin": {
"custom-data": "sdfdfsfsfsdfsf"
},
"methods": [
"custom-plugin",
"password",
"token"
],
"password": {
"user": {
"id": "s23sfad1",
"password": "secrete"
}
},
"token": {
"id": "sdfafasdfsfasfasdfds"
}
}
}
}
Returns: | None if authentication is successful. Authentication payload in the form of a dictionary for the next authentication step if this is a multi step authentication. |
---|---|
Raises: | exception.Unauthorized for authentication failure |