When this directive is used, authentication information is obtained from a repoze.who.identity key in the WSGI environment, assumed to be set by repoze.who middleware.



The identifier_name controls the name used to look up the repoze.who "identifier" plugin within request.environ['repoze.who.plugins'] which is used by this policy to "remember" and "forget" credentials. It defaults to auth_tkt.


The callback is a Python dotted name to a function passed the repoze.who identity and the request as positional arguments. The callback is expected to return None if the user represented by the identity doesn't exist or a sequence of group identifiers (possibly empty) if the user does exist. If callback is None, the userid will be assumed to exist with no groups. It defaults to None.


2 identifier_name="auth_tkt"
3 callback=".somemodule.somefunc"
4 />


You may create an instance of the pyramid.authentication.RepozeWho1AuthenticationPolicy and pass it to the pyramid.config.Configurator constructor as the authentication_policy argument during initial application configuration.

See Also

See also Built-In Authentication Policy ZCML Directives and pyramid.authentication.RepozeWho1AuthenticationPolicy.