Base classes for PyXMPP SASL implementation.
Authentication properties
Most authentication mechanisms need some data to identify the
authenticating entity and/or to describe the characteristics of the
communication channel. These are passed as a properties mapping to the
.start() method of a server or client authenticator.
A similar mechanism is used to return data obtained via the authentication
process: the Success object has a Success.properties attribute with
the data obtained.
The mapping contains name->value pairs. Their meaning is generally
mechanism-dependent, but these are the usually expected properties:
- For input to the start() method:
  - "username" - the user name. Required by all password-based mechanisms.
  - "password" - the user's password. Required by all password-based
    mechanisms.
  - "authzid" - authorization id. Optional for most mechanisms.
  - "security-layer" - security layer, if any. "TLS" when TLS is in
    use.
  - "channel-binding" - mapping of 'channel binding type' to 'channel
    binding data', if available on the channel
  - "service-type" - service type as required by the DIGEST-MD5 protocol
  - "service-domain" - service domain (the 'serv-name' or 'host' part of
    the digest-uri of DIGEST-MD5)
  - "service-hostname" - service host name (the 'host' part of the
    digest-uri of DIGEST-MD5)
  - "remote-ip" - remote IP address
  - "realm" - the realm to use if needed
  - "realms" - list of acceptable realms
  - "available_mechanisms" - mechanism list provided by peer
  - "enabled_mechanisms" - mechanisms enabled on our side
- For output, via the Success.properties attribute:
  - "username" - the authenticated user name
  - "authzid" - the authorization id
  - "realm" - the realm
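A pre-flight check for a properties mapping before it is handed to start(), together with a log-safe copy of it. This is an added example, not PyXMPP code: check_start_properties, redact, the mechanism set and the PLAIN-requires-TLS policy are assumptions made for illustration, and the sample mapping is constructed.

```python
# Added example: a hypothetical pre-flight check, not part of PyXMPP.
# Mechanism names are standard SASL names; the policy itself is an assumption.
PASSWORD_MECHANISMS = {"PLAIN", "DIGEST-MD5", "SCRAM-SHA-1", "SCRAM-SHA-1-PLUS"}
SECRET_KEYS = {"password"}


def check_start_properties(mechanism, properties):
    """Return a list of problems found in a mapping meant for start()."""
    problems = []
    # The mechanism must be offered by the peer and enabled locally.
    for key in ("available_mechanisms", "enabled_mechanisms"):
        if mechanism not in properties.get(key, ()):
            problems.append("%s not in %s" % (mechanism, key))
    # Password-based mechanisms require both credentials.
    if mechanism in PASSWORD_MECHANISMS:
        for key in ("username", "password"):
            if not properties.get(key):
                problems.append("missing required property: %s" % key)
    # PLAIN transmits the password itself, so insist on a TLS security layer.
    if mechanism == "PLAIN" and properties.get("security-layer") != "TLS":
        problems.append("PLAIN without security-layer TLS")
    # -PLUS variants bind to the channel and need channel-binding data.
    if mechanism.endswith("-PLUS") and not properties.get("channel-binding"):
        problems.append("missing channel-binding data")
    return problems


def redact(properties):
    """Copy of the mapping that is safe to write to a log."""
    return {k: ("<redacted>" if k in SECRET_KEYS else v)
            for k, v in properties.items()}


# Constructed sample input.
SAMPLE = {
    "username": "alice",
    "password": "correct horse",
    "security-layer": None,
    "available_mechanisms": ["SCRAM-SHA-1-PLUS", "SCRAM-SHA-1", "PLAIN"],
    "enabled_mechanisms": ["SCRAM-SHA-1", "PLAIN"],
}

if __name__ == "__main__":
    for mech in ("PLAIN", "SCRAM-SHA-1", "SCRAM-SHA-1-PLUS"):
        print(mech, check_start_properties(mech, SAMPLE))
    print(redact(SAMPLE))
```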