aiohttp-security/docs/usage.rst

.. _aiohttp-security-usage:


=======
 Usage
=======

.. currentmodule:: aiohttp_security
.. highlight:: python

The library is build on top of two policies: :term:`authentication`
and :term:`authorization`.


Authentication
==============

Actions related to retrieving, storing and removing user's
:term:`identity`.

Authenticated user has no access rights, the system even has no
knowledge is there the user still registered in DB.

If :term:`request` has an :term:`identity` it means the user has
some ID that should be checked by :term:`authorization` policy.


identity is a string shared between browser and server.
Thus it's not supposed to be database primary key, user login/email etc.
Random string like uuid or hash is better choice.
Continue to work on documentation 2015-11-08 02:47:19 +00:00			`.. _aiohttp-security-usage:`


			`=======`
			`Usage`
			`=======`

			`.. currentmodule:: aiohttp_security`
			`.. highlight:: python`

			The library is build on top of two policies: :term:`authentication`
			and :term:`authorization`.


			`Authentication`
			`==============`

			`Actions related to retrieving, storing and removing user's`
			:term:`identity`.

			`Authenticated user has no access rights, the system even has no`
			`knowledge is there the user still registered in DB.`

			If :term:`request` has an :term:`identity` it means the user has
			some ID that should be checked by :term:`authorization` policy.






More docs 2015-10-29 08:31:24 +00:00			`identity is a string shared between browser and server.`
Continue to work on documentation 2015-11-08 02:47:19 +00:00			`Thus it's not supposed to be database primary key, user login/email etc.`
More docs 2015-10-29 08:31:24 +00:00			`Random string like uuid or hash is better choice.`