[annotator-dev] annotator and authentication

Randall Leeds tilgovi at hypothes.is
Tue Jan 28 20:52:56 UTC 2014


On Jan 27, 2014 2:07 PM, "Graham Hukill" <ghukill at gmail.com> wrote:
>
> Let me get one thing out of the way, the annotator javascript library,
and python store backend, are amazing.  Just exactly what I've been looking
for.  I've got kind of a general question.
>
> I've successfully implemented the JS plugin, using the annotator-store
python / flask backend to store the annotations.  For the annotator-store,
I did it just about as vanilla as possible, firing up "run.py" and letting
her go.  I'm wondering, given a username client-side, what is the easiest
way to pass this username to the annotator-store to associate with the
annotations?

The Auth plugin will set headers for the Store plugin requests and fetch
tokens from the token route.

Creating the token route and authorizing requests to it is open for you to
implement however you like. For example, you may choose to create a login
page that sets a session cookie and validate that cookie on the token route
(just make sure the token route allows cross origin credentials).

>
> I've poked around a bit, seen the g.user field, defined by MockUser
function, etc. etc.  I'm just wondering what a low barrier option for
passing a username to this would be, aka, where I can catch a request.form
variable and associate it.

The consumer class determines the user id from the auth token in the
X-Annotator-Auth-Token header. The user class, like MockUser, ties this id
to your user data.

>
> Many thanks in advance - I realize it's a general question, just trying
to wrap my head around where to focus.

Sure. Let me know if anything is unclear, where docs can be improved, and
if you need more specific pointers.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.okfn.org/pipermail/annotator-dev/attachments/20140128/5484bfee/attachment-0004.html>


More information about the annotator-dev mailing list