The RestAuth project is a system providing shared authentication, authorization and preferences. At the core of the project is the detailed specification (simplified overview) for a network protocol loosely based on the REST paradigm and a reference implementation for the server side. Libraries exist for PHP and Python and there are ready-to-use plugins for Apache basic authentication, PAM and MediaWiki.
The primary design goal of the RestAuth project is to make it as easy as possible to integrate existing services into the RestAuth system. If you need to use the protocol directly (e.g. because you are using a language for which no library exists), basic authentication consists of just a few HTTP calls; you don't even need a JSON parser. Even more complex tasks require little more than an HTTP protocol implementation and a JSON parser. Our PHP and Python libraries make RestAuth even simpler to use: you need no knowledge of the protocol, and you won't even notice that you are performing calls over the network.
Installation and configuration
RestAuth itself is written in Python and is based on Django. You therefore need python-2.4 or later (python-3 is currently unsupported by Django) and Django 1.2. Please see the installation instructions on how to install Django.
RestAuth can (so far) only be downloaded directly from SVN. To download RestAuth, simply do:
svn co http://svn.fsinf.at/fs/RestAuth/RestAuth
RestAuth, like any other Django project, is configured in the file settings.py. Since this file comes directly from SVN, it is advised that you copy localsettings.py.example to localsettings.py and use that file for your configuration. The file is well documented, so just skim through it.
By default, RestAuth only allows ASCII letters, numbers, and a very limited number of special characters in usernames. This is because usernames must be valid in all systems that use RestAuth. But you can easily extend the range of allowed characters (even to usernames using Unicode characters!) if you know that you will never use some of the supported systems. For further information please read our documentation on usernames.
Note that RestAuth treats all usernames as case insensitive. Therefore, the users "Mati", "MATI", "mAti" and "mati" are all considered the same.
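Before pointing an existing service at RestAuth, it helps to check its current account list against these two rules. The following is an added example, not part of RestAuth or its libraries: the function names are hypothetical, and the set of permitted special characters is an assumption, since this page does not list them.

```python
import re
from collections import defaultdict

# Assumption: the page does not list the permitted special characters,
# so this set is a placeholder to adjust to your RestAuth configuration.
ASSUMED_SPECIALS = "._-"
_ALLOWED = re.compile(r"[A-Za-z0-9%s]+" % re.escape(ASSUMED_SPECIALS))


def canonical(username):
    """Return the case-folded form under which RestAuth treats names as equal."""
    return username.lower()


def is_portable(username):
    """True if the name uses only ASCII letters, digits and the assumed specials."""
    return _ALLOWED.fullmatch(username) is not None


def audit(usernames):
    """Return (rejected names, groups of names that collide after case folding)."""
    rejected, groups = [], defaultdict(list)
    for name in usernames:
        if not is_portable(name):
            rejected.append(name)
        else:
            groups[canonical(name)].append(name)
    # Only groups with more than one member are a problem: distinct local
    # accounts that would map to one and the same RestAuth user.
    collisions = {k: v for k, v in groups.items() if len(v) > 1}
    return rejected, collisions


# Constructed sample account list from a hypothetical existing service.
SAMPLE = ["Mati", "MATI", "mAti", "mati", "alice", "Jürgen", "bob smith"]

if __name__ == "__main__":
    rejected, collisions = audit(SAMPLE)
    print("rejected by default policy:", rejected)
    print("would share one RestAuth user:", collisions)
```

Any collision group has to be resolved before migration; otherwise several formerly separate accounts end up sharing one set of credentials.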
Since you will never want RestAuth to be available to the outside, services that want to use RestAuth also must authenticate against it. We provide a script to easily manage the credentials of services from the command line. The script is also available from SVN:
svn co http://svn.fsinf.at/fs/RestAuth/bin
Try the restauth-service script to add services to the database - and don't forget to add valid hosts. See restauth-service.py --help and restauth-service.py add --help for usage information.
- MediaWiki plugin
- Apache plugin
Write new software using RestAuth
The prime goal of RestAuth is to make it as easy as possible to develop/modify/extend existing software to authenticate against RestAuth. As with any REST service, we provide CRUD operations for defined entities. But we deviate from that paradigm in several places to meet our primary design goal.
For a detailed interface specification, please see:
- General response codes - a list of response codes that could always be thrown