Reference

Public API functions

aiohttp_security.setup(app, identity_policy, autz_policy)

Setup aiohttp application with security policies.

Parameters:

• app – aiohttp aiohttp.web.Application instance.

• identity_policy – indentification policy, an AbstractIdentityPolicy instance.

• autz_policy – authorization policy, an AbstractAuthorizationPolicy instance.

Abstract policies

aiohttp_security is built on top of two abstract policies –

AbstractIdentityPolicy and AbstractAuthorizationPolicy.

The first one responds on remembering, retrieving and forgetting identity into some session storage, e.g. HTTP cookie or authorization token.

The second is responsible to return persistent userid for session-wide identity and check user’s permissions.

Most likely sofware developer reuses one of pre-implemented identity policies from aiohttp_security but build authorization policy from scratch for every application/project.

Identification policy

class aiohttp_security.AbstractIdentityPolicy

Authorization policy

class aiohttp_security.AbstractAuthorizationPolicy