Simon Willison’s Weblog

12 items tagged “authentication”

2020

datasette-auth-passwords. My latest plugin: datasette-auth-passwords provides a mechanism for signing into Datasette using a username and password (which is verified in order to set a ds_actor authentication cookie). So far it only supports passwords that are hard-coded into Datasette’s configuration via environment variables, but I plan to add database-backed user accounts in the future. # 13th July 2020, 11:39 pm

Datasette 0.44: The annotated release notes

I just released Datasette 0.44 to PyPI. With 128 commits since 0.43 this is the biggest release in a long time—and likely the last major release of new features before Datasette 1.0.

[... 1648 words]

2019

NGINX: Authentication Based on Subrequest Result (via) TIL about this neat feature of NGINX: you can use the auth_request directive to cause NGINX to make an HTTP subrequest to a separate authentication server for each incoming HTTP request. The authentication server can see the cookies on the incoming request and tell NGINX if it should fulfill the parent request (via a 2xx status code) or if it should be denied (by returning a 401 or 403). This means you can run NGINX as an authenticating proxy in front of any HTTP application and roll your own custom authentication code as a simple webhook-recieving endpoint. # 4th October 2019, 3:36 pm

2009

django-piston. Promising looking Django mini-framework for creating RESTful APIs, from the bitbucket team. Ticks all of Jacob’s boxes, even including built-in pluggable authentication support with HTTP Basic, Digest and OAuth out of the box. # 30th April 2009, 7:55 pm

2008

Google’s Usability Research on Federated Login. Fascinating—suggests an approach to federated auth based on the Amazon.com “Yes, I have a password” login flow. Feels convoluted to me but apparently it tests really well against a mainstream audience. The more research shared around this stuff the better. # 22nd September 2008, 8:56 pm

Something you had, Something you forgot, Something you were

Nick Mathewson # 13th May 2008, 8:06 am

2007

Django snippets: Authenticate against Active Directory. Uses a custom authentication backend with the Python ldap module. If Django hasn’t seen the user before a new Django user account is created with data from ldap. # 10th December 2007, 8:40 am

OAuth Core 1.0. The final spec. Expect to see this crop up all over the place in the next few months. # 5th December 2007, 3:39 am

OAuth: Your valet key for the Web. OAuth is a really important new specification that aims to solve the “give this application permission to do X on my behalf” problem once and for all. # 21st September 2007, 11:34 pm

Jottit. Aaron Swartz’s latest venture: a complete rethink of the Infogami concept. Well worth checking out for the extremely thoughtful way it introduces features, and the way account creation with a password remains optional until you want to add access control. # 16th September 2007, 9:43 pm

Wrong-headed impersonation. Kim Cameron discusses user absent authentication, and emphasises the importance of delegation using delegation coupons. # 5th March 2007, 2:38 pm

2006

How is Google giving me access to this page?

Google have an open URL redirector, so you can craft a link that uses that:

[... 35 words]