skip to navigation
skip to content

Not Logged In

pyramid_multiauth 0.4.0


An authentication policy for Pyramid that proxies to a stack of other authentication policies.


MultiAuthenticationPolicy is a Pyramid authentication policy that proxies to a stack of other IAuthenticationPolicy objects, to provide a combined auth solution from individual pieces. Simply pass it a list of policies that should be tried in order:

policies = [
    IPAuthenticationPolicy("127.0.*.*", principals=["local"])
    IPAuthenticationPolicy("192.168.*.*", principals=["trusted"])
authn_policy = MultiAuthenticationPolicy(policies)

This example uses the pyramid_ipauth module to assign effective principals based on originating IP address of the request. It combines two such policies so that requests originating from “127.0.*.*” will have principal “local” while requests originating from “192.168.*.*” will have principal “trusted”.

In general, the results from the stacked authentication policies are combined as follows:

  • authenticated_userid: return userid from first successful policy
  • unauthenticated_userid: return userid from first successful policy
  • effective_principals: return union of principals from all policies
  • remember: return headers from all policies
  • forget: return headers from all policies

Deployment Settings

It is also possible to specify the authentication policies as part of your paste deployment settings. Consider the following example:

use = egg:mypyramidapp

multiauth.policies = ipauth1 ipauth2 pyramid_browserid

multiauth.policy.ipauth1.use = pyramid_ipauth.IPAuthentictionPolicy
multiauth.policy.ipauth1.ipaddrs = 127.0.*.*
multiauth.policy.ipauth1.principals = local

multiauth.policy.ipauth2.use = pyramid_ipauth.IPAuthentictionPolicy
multiauth.policy.ipauth2.ipaddrs = 192.168.*.*
multiauth.policy.ipauth2.principals = trusted

To configure authentication from these settings, simply include the multiauth module into your configurator:


In this example you would get a MultiAuthenticationPolicy with three stacked auth policies. The first two, ipauth1 and ipauth2, are defined as the name of of a callable along with a set of keyword arguments. The third is defined as the name of a module, pyramid_browserid, which will be procecesed via the standard config.include() mechanism.

The end result would be a system that authenticates users via BrowserID, and assigns additional principal identifiers based on the originating IP address of the request.

0.4.0 - 2014-01-02

  • Make authenticated_userid None when groupfinder returns None.

0.3.2 - 2013-05-29

  • Fix some merge bustage; this should contain all the things that were claimed to be contained in the 0.3.1 release, but in fact were not.

0.3.1 - 2013-05-15

  • MultiAuthPolicySelected events now include the request object, so you can e.g. access the registry from the handler function.
  • Fixed some edge-cases in merging effective_principals with the output of the groupfinder callback.

0.3.0 - 2012-11-27

  • Support for Python3 via source-level compatibility.
  • Fire a MultiAuthPolicySelected event when a policy is successfully used for authentication.

0.2.0 - 2012-10-04

  • Add get_policy() method, which can be used to look up the loaded sub-policies at runtime.

0.1.2 - 2012-01-30

  • Update license to MPL 2.0.

0.1.1 - 2011-12-20

  • Compatability with Pyramid 1.3.

0.1.0 - 2011-11-11

  • Initial release.
File Type Py Version Uploaded on Size
pyramid_multiauth-0.4.0.tar.gz (md5) Source 2014-01-02 8KB
  • Downloads (All Versions):
  • 25 downloads in the last day
  • 1165 downloads in the last week
  • 5608 downloads in the last month