Brad Fitzpatrick (bradfitz) wrote in lj_dev,

Abstracted Authentication

On the plane to and from the Webbies I worked on abstracting all the authentication in the LiveJournal codebase. There's now[1] a hook where you can plug in your own authentication services in[2]. Not only does it just authenticate, but it creates accounts on the fly as necessary.

If you're validating against an LDAP database with 10,000 employees and the LiveJournal features of said company have only been used by 3 people, only 3 users exist in the LJ database. But once one of those other 9,997 people uses any part of the site (or one of the 3 users tries to add one of the non-using users to their friends list), their account is created on the fly.

Obviously, registering new accounts is disabled when an external auth. service is being used. Changing passwords & getting lost passwords isn't supported yet, and probably won't be by default, unless the authentication service says it supports it, which most won't/can't. (You can't get the clear text of a Unix md5 password, for instance.)

The one problem with all of this is that a community can't be created because that username might be taken already (which we could check) or it might be taken in the future by the master database.

I guess this finally makes me consider putting communities in their own namespace, which introduces tons of difficulties ... the friends table would have to be for just friends and a new table would need to be used to track community memberships.

Or.... without changing LJ much, if the site wants communities, perhaps their authentication plugin must support registering dummy accounts in the master database so they could be used as communities by LJ?

Thoughts? I'm particularly interested in AlanJ's thoughts, since he brought up some of these issues in the past if I recall.

[1] Changes aren't in CVS yet because I haven't got a chance and it might still be broken in parts. I won't check in broken crap to CVS.

[2] You'd actually require your library and set up the sub references in .... not put all the code there.
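The behaviour described in the post, as an added example that is not part of the original post and not LiveJournal code: a small Python model of an external authentication backend with accounts created on the fly, plus the community-name reservation option. Every class, method and sample value here (`DirectoryBackend`, `Site`, `can_reserve_names`, the usernames) is hypothetical.

```python
import hmac

class DirectoryBackend:
    """Stand-in for the external auth service (constructed sample data)."""
    can_reserve_names = True          # the post's "dummy accounts" option

    def __init__(self, users):
        self._users = dict(users)     # username -> password
        self._reserved = set()        # names held for communities

    def exists(self, name):
        return name in self._users or name in self._reserved

    def check(self, name, password):
        stored = self._users.get(name)
        return stored is not None and hmac.compare_digest(
            stored.encode(), password.encode())

    def reserve(self, name):
        if self.exists(name):
            return False
        self._reserved.add(name)
        return True

class Site:
    def __init__(self, backend):
        self.backend = backend
        self.accounts = {}            # local rows: name -> "person" | "community"

    def login(self, name, password):
        if not self.backend.check(name, password):
            return False              # a failed login never creates a row
        self.accounts.setdefault(name, "person")
        return True

    def add_friend(self, user, target):
        if user not in self.accounts:
            return False
        if target not in self.accounts:
            if not self.backend.exists(target):
                return False          # unknown to the master database
            self.accounts[target] = "person"   # created on the fly
        return True

    def create_community(self, name):
        # Checking the directory today cannot rule out the name being issued
        # to a person later; only a reservation in the master database can.
        if name in self.accounts or not self.backend.can_reserve_names:
            return False
        if not self.backend.reserve(name):
            return False
        self.accounts[name] = "community"
        return True
```

A reserved name has no password entry in the backend, so nobody can log in as the community account, and a backend that cannot reserve names leaves community creation disabled.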
