repoze.who Narrative Documentation

Using repoze.who as WSGI Middleware

repoze.who was originally developed for use as authentication middleware in a WSGI pipeline, for use by applications which only needed to obtain an “authenticated user” to enforce a given security policy.

See Middleware Responsibilities for a description of this use case.

Using repoze.who without WSGI Middleware

Some applications might want to use a configured set of repoze.who plugins to do identification and authentication for a request, outside the context of using repoze.who middleware. For example, a performance-sensitive application might wish to defer the effort of identifying and authenticating a user until the point at which authorization is required, knowing that some code paths will not need to do the work.

See Using the repoze.who Application Programming Interface (API) for a description of this use case.

Mixing Middleware and API Uses

Some applications might use the repoze.who middleware for most authentication purposes, but need to participate more directly in the mechanics of identification and authorization for some portions of the application. For example, consider a system which allows users to sign up online for membership in a site: once the user completes registration, such an application might wish to log the user in transparently, and thus needs to interact with the configured repoze.who middleware to generate response headers, ensuring that the user’s next request is properly authenticated.

See Mixed Use of repoze.who Middleware and API for a description of this use case.

Configuring repoze.who

Developers and integrators can configure repoze.who using either imperative Python code (see Configuring repoze.who via Python Code) or using an INI-style declarative configuration file (see Configuring repoze.who via Config File). In either case, the result of the configuration will be a repoze.who.api:APIFactory instance, complete with a request classifier, a challenge decider, and a set of plugins for each plugin interface.