Simon Willison’s Weblog

10 items tagged “authentication”

NGINX: Authentication Based on Subrequest Result (via) TIL about this neat feature of NGINX: you can use the auth_request directive to cause NGINX to make an HTTP subrequest to a separate authentication server for each incoming HTTP request. The authentication server can see the cookies on the incoming request and tell NGINX if it should fulfill the parent request (via a 2xx status code) or if it should be denied (by returning a 401 or 403). This means you can run NGINX as an authenticating proxy in front of any HTTP application and roll your own custom authentication code as a simple webhook-receiving endpoint. # 4th October 2019, 3:36 pm

django-piston. Promising looking Django mini-framework for creating RESTful APIs, from the bitbucket team. Ticks all of Jacob’s boxes, even including built-in pluggable authentication support with HTTP Basic, Digest and OAuth out of the box. # 30th April 2009, 7:55 pm

Google’s Usability Research on Federated Login. Fascinating—suggests an approach to federated auth based on the Amazon.com “Yes, I have a password” login flow. Feels convoluted to me but apparently it tests really well against a mainstream audience. The more research shared around this stuff the better. # 22nd September 2008, 8:56 pm

Something you had, Something you forgot, Something you were

Nick Mathewson # 13th May 2008, 8:06 am

Django snippets: Authenticate against Active Directory. Uses a custom authentication backend with the Python ldap module. If Django hasn’t seen the user before a new Django user account is created with data from ldap. # 10th December 2007, 8:40 am

OAuth Core 1.0. The final spec. Expect to see this crop up all over the place in the next few months. # 5th December 2007, 3:39 am

OAuth: Your valet key for the Web. OAuth is a really important new specification that aims to solve the “give this application permission to do X on my behalf” problem once and for all. # 21st September 2007, 11:34 pm

Jottit. Aaron Swartz’s latest venture: a complete rethink of the Infogami concept. Well worth checking out for the extremely thoughtful way it introduces features, and the way account creation with a password remains optional until you want to add access control. # 16th September 2007, 9:43 pm

Wrong-headed impersonation. Kim Cameron discusses user absent authentication, and emphasises the importance of delegation using delegation coupons. # 5th March 2007, 2:38 pm

How is Google giving me access to this page?

Google have an open URL redirector, so you can craft a link that uses that:

[... 35 words]