Aus Free Software
Zur Navigation springen Zur Suche springen

The RestAuth project is a system providing shared authentication, authorization and preferences. It consists of a detailed specification (simplified overview) for a network protocol loosely based on the REST paradigm. The project also provides a reference service implementation, libraries for PHP and Python and ready-to-use plugins for Apache basic authentication, PAM and MediaWiki.

The primary design goal of the RestAuth project is to make it as easy as in any way possible to integrate existing services into the RestAuth system. If you need to use the protocol directly (i.e. because you are using a language where no library exists), basic authentication consists of just a few HTTP calls, you don't even need to use a JSON parser. Even more complex tasks require little more than a HTTP protocol implementation and a JSON parser. Our PHP and Python libraries make RestAuth even simpler to use, you need no knowledge of the protocol, you won't even notice that you are performing calls via the network.

Installation and configuration

RestAuth itself is written in Python and is based on Django. You therefore need python-2.4 or later (python-3 is currently unsupported by Django) and Django 1.2. Please see the installation instructions on how to install Django.

RestAuth can (so far) only be downloaded directly from SVN. To download RestAuth, simply do:

svn co

RestAuth, like any other Django project, can be configured in the file Since this is the file comes directly from SVN, it is advised that copy to and use this file to configure it. The file is documented well, so just skim through the file.

Legal usernames

By default, RestAuth only allows ASCII letters, numbers, and a very limited number of special characters in usernames. This is because usernames must be valid in all systems that use RestAuth. But you can easily extend the range of allowed characters (even to usernames using Unicode characters!) if you know that you will never use some of the supported systems. For further information please read our documentation on usernames.

Note that RestAuth treats all usernames as case insensitive. Therefor, the users "Mati", "MATI", "mAti" and "mati" all are considered the same.

Add services

Since you will never want RestAuth to be available to the outside, services that want to use RestAuth also must authenticate against it. We provide a script to easily manage the credentials of services from the command line. The script is also available from SVN:

svn co

Try the restauth-service script to add services to the database - and don't forget to add valid hosts. See --help and add --help for usage information.

Service integration


  • MediaWiki plugin
  • Apache plugin

Write new software using RestAuth

The prime goal of RestAuth is to make it as easy as possible to develop/modify/extend existing software to authenticate against RestAuth. As with any REST service, we provide CRUD operations for defined entities. But we deviate from that paradigm in several places to meet our primary design goal.

For a detailed interface specification, please see: