Advanced Authentication in TurboGears 2 – Part 1

TurboGears is one of the best Python web frameworks you can find these days. I could start listing its features, but this post is already long enough and you can read about them on the official TurboGears website. Also, if you are interested in what the title of this post says it is about, you may already know one or two things about TurboGears. So let’s get to the point: Authentication.

Authentication is the act of verifying that somebody really is who he/she claims to be; it is about finding out who you are. Authorization, on the other hand, is the act of granting access to given resources depending on who would use them. For example, allowing registered members to leave comments on a blog, or allowing your friends to see your pictures while others cannot. In other words, it is about finding out what you may do (Authentication and Authorization in TurboGears 2).

TurboGears 2 uses two frameworks to deal with authentication and authorization. Together, these frameworks form a robust, extensible and pluggable system that works in almost any situation and can be extended to suit your needs if it doesn’t. The two frameworks are repoze.who and repoze.what:

  • repoze.who, a framework for authentication in WSGI applications. You normally don’t have to care about it because by default TG2 applications ship with all the code needed to set it up (as long as you selected that option when you created the project), but if you need something more advanced, you are in the right place.
  • repoze.what, the successor of tg.ext.repoze.who and tgext.authorization (used in unstable TG2 releases), is a framework for authorization that is mostly compatible with the TurboGears 1.x Identity authentication, identification and authorization system.

Normal authentication, using a username and password, can be easily enabled in existing TurboGears applications and is even easier to get if you’re creating a new project. However, if you need support for other authentication methods such as Facebook Connect, Sign in with Twitter or any other OAuth-based authentication method, you’ll be spending a few hours of your time playing with the authentication and authorization system.

This post is about how to create a TurboGears 2 project with support for standard username and password login, Facebook Connect and Sign in with Twitter, all at the same time. There will be a lot of code to show, and thus the post will be long, so I have split it into three parts: Read Part 1: Using a .INI file to configure authentication and authorization middleware in TurboGears.