Alternate Login Methods

Auth provides multiple login methods and hooks to create new login methods. Each supported login method corresponds to a file in the folder

1 gluon/contrib/login_methods/

Refer to the documentation in the files themselves for each login method, but here we provide some examples.

First of all we need to make a distinction between two types of alternate login methods:

• login methods that use a web2py form (although the credentials are verified outside web2py). An example is LDAP.

• login methods that require an external sign-on (web2py never gets to see the credentials).

Let's consider examples of the first case:

Basic Let's say you have an authentication service, for example at the url, that accepts basic access authentication. That means the server accepts HTTP requests with a header of the form:

1 GET /index.html HTTP/1.0

2 Host:

3 Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==

where the latter string is the base64 encoding of the string username:password. The service responds 200 OK if the user is authorized and 400, 401, 402, 403 or 404 otherwise.

You want to enter username and password using the standard Auth login form and verify the credentials against such a service. All you need to do is add the following code to your application

1 from gluon.contrib.login_methods.basic_auth import basic_auth

2 auth.settings.login_methods.append(

Notice that auth. settings. iogin_methods is a list of authentication methods that are executed sequentially. By default it is set to

1 auth.settings.login_methods = [auth]

When an alternate method is appended, for example basic.auth, Auth first tries to log in the visitor based on the content of auth_user, and when this fails, it tries the next method in the list. If a method succeeds in logging in the visitor, and if auth. settings. login_methods [0] ==auth, Auth takes the following actions:

• if the user does not exist in auth_user, a new user is created and the username/email and passwords are stored.

• if the user does exist in auth_user but the new accepted password does not match the old stored password, the old password is replaced with the new one (notice that passwords are always stored hashed unless specified otherwise).

If you do not wish to store the new password in auth_user, then it is sufficient to change the order of login methods, or remove auth from the list. For example:

1 from gluon.contrib.login_methods.basic_auth import basic_auth

2 auth.settings.login_methods = \

The same applies for any other login method described here.

SMTP and Gmail You can verify the login credentials using a remote SMTP server, for example Gmail; i.e., you log the user in if the email and password they provide are valid credentials to access the Gmail SMTP server ( com:58 7). All that is needed is the following code:

1 from gluon.contrib.login_methods.email_auth import email_auth

2 auth.settings.login_methods.append(

3 email_auth(" 7", ""))

The first argument of email.auth IS the address:port of the SMTP server. The second argument is the email domain.

This works with any SMTP server that requires TLS authentication.

LDAP Authentication using LDAP works very much as in the previous cases.

To use LDAP login with MS Active Directory:

1 from gluon.contrib.login_methods.ldap_auth import ldap_auth

2 auth.settings.login_methods.append(ldap_auth(mode= 'ad',

3 server='my.domain.controller',

To use LDAP login with Lotus Notes and Domino:

1 auth.settings.login_methods.append(ldap_auth(mode= 'domino',

2 server='my.domino.server'))

To use LDAP login with OpenLDAP (with UID):

1 auth.settings.login_methods.append(ldap_auth(server='my.ldap.server',

To use LDAP login with OpenLDAP (with CN):

1 auth.settings.login_methods.append(ldap_auth(mode= 'cn',

2 server='my.ldap.server', base_dn= 'ou=Users,dc=domain,dc=com'))

Google on GAE Authentication using Google when running on Google App Engine requires skipping the web2py login form, being redirected to the Google login page, and back upon success. Because the behavior is different than in the previous examples, the API is a little different.

1 from gluon.contrib.login_methods.gae_google_login import


2 auth.settings.login_form = GaeGoogleAccount()

Was this article helpful?

0 0


  • jenna
    How to use auth in web2py basic_auth?
    8 years ago
  • Selassie
    7 months ago

Post a comment