Forum OpenACS Development: Re: RFC: External Authentication

Collapse
Posted by Lars Pind on
Andrew,

Just to make sure I'm not missing something:

In my proposed scheme, the only interaction normal pages should have with the Authentication API would be "auth::require_login", "ad_conn user_id", and perhaps "ad_conn untrusted_user_id".

You say subtle differences ... I just want to make sure that we're on the same page here: If we implemented "auth::require_login" with a service contract, and thus let you plug in a different implementation, our two designs would be completely equivalent in what they could accomplish, no?

If not, I'm missing something. Please help me :)

/Lars