asyncio based library for making web servers.

The library for writing single-threaded concurrent code using coroutines, multiplexing I/O access over sockets and other resources, running network clients and servers, and other related primitives.

Reference implementation of PEP 3156


Actions related to retrieving, storing and removing user’s identity.

Authenticated user has no access rights, the system even has no knowledge is there the user still registered in DB.

If Request has an identity it means the user has some ID that should be checked by authorization policy.

Checking actual permissions for identified user along with getting userid.

Session-wide str for identifying user.

Stored in local storage (client-side cookie or server-side storage).

Use remember() for saving identity (sign in) and forget() for dropping it (sign out).

identity is used for getting userid and permission.


Permission required for access to resource.

Permissions are just strings, and they have no required composition: you can name permissions whatever you like.

User’s ID, most likely his login or email