Simon Willison’s Weblog

Subscribe
Atom feed for authentication

13 items tagged “authentication”

2021

Weeknotes: django-sql-dashboard widgets

Visit Weeknotes: django-sql-dashboard widgets

A few small releases this week, for django-sql-dashboard, datasette-auth-passwords and datasette-publish-vercel.

[... 1,025 words]

2020

datasette-auth-passwords. My latest plugin: datasette-auth-passwords provides a mechanism for signing into Datasette using a username and password (which is verified in order to set a ds_actor authentication cookie). So far it only supports passwords that are hard-coded into Datasette’s configuration via environment variables, but I plan to add database-backed user accounts in the future.

# 13th July 2020, 11:39 pm / passwords, datasette, plugins, projects, authentication

Datasette 0.44: The annotated release notes

I just released Datasette 0.44 to PyPI. With 128 commits since 0.43 this is the biggest release in a long time—and likely the last major release of new features before Datasette 1.0.

[... 1,648 words]

2019

NGINX: Authentication Based on Subrequest Result (via) TIL about this neat feature of NGINX: you can use the auth_request directive to cause NGINX to make an HTTP subrequest to a separate authentication server for each incoming HTTP request. The authentication server can see the cookies on the incoming request and tell NGINX if it should fulfill the parent request (via a 2xx status code) or if it should be denied (by returning a 401 or 403). This means you can run NGINX as an authenticating proxy in front of any HTTP application and roll your own custom authentication code as a simple webhook-recieving endpoint.

# 4th October 2019, 3:36 pm / webhooks, nginx, authentication

2009

django-piston. Promising looking Django mini-framework for creating RESTful APIs, from the bitbucket team. Ticks all of Jacob’s boxes, even including built-in pluggable authentication support with HTTP Basic, Digest and OAuth out of the box.

# 30th April 2009, 7:55 pm / django, rest, restful, python, apis, authentication, oauth, digest, piston, jespernoehr, bitbucket

2008

Google’s Usability Research on Federated Login. Fascinating—suggests an approach to federated auth based on the Amazon.com “Yes, I have a password” login flow. Feels convoluted to me but apparently it tests really well against a mainstream audience. The more research shared around this stuff the better.

# 22nd September 2008, 8:56 pm / google, usability, openid, login, amazon, authentication, federated

Something you had, Something you forgot, Something you were

Nick Mathewson

# 13th May 2008, 8:06 am / security, authentication, nickmathewson

2007

Django snippets: Authenticate against Active Directory. Uses a custom authentication backend with the Python ldap module. If Django hasn’t seen the user before a new Django user account is created with data from ldap.

# 10th December 2007, 8:40 am / ldap, activedirectory, django, authentication, python

OAuth Core 1.0. The final spec. Expect to see this crop up all over the place in the next few months.

# 5th December 2007, 3:39 am / oauth, authentication, apis

OAuth: Your valet key for the Web. OAuth is a really important new specification that aims to solve the “give this application permission to do X on my behalf” problem once and for all.

# 21st September 2007, 11:34 pm / oauth, openid, specification, authentication, web-services, apis

Jottit. Aaron Swartz’s latest venture: a complete rethink of the Infogami concept. Well worth checking out for the extremely thoughtful way it introduces features, and the way account creation with a password remains optional until you want to add access control.

# 16th September 2007, 9:43 pm / aaron-swartz, infogami, jottit, wiki, bitbots, usability, userflow, authentication

Wrong-headed impersonation. Kim Cameron discusses user absent authentication, and emphasises the importance of delegation using delegation coupons.

# 5th March 2007, 2:38 pm / delegation, delegationcoupons, kimcameron, identity, authentication

2006

How is Google giving me access to this page?

Google have an open URL redirector, so you can craft a link that uses that:

[... 35 words]