Support sessions in txJSON-RPC

Registered by Duncan McGreggor

Every once in a while, someone on the Twisted or Twisted-web mail list posts about the need for sessions in their RPC implementation. This has recently come up in a conversation with a txJSON-RPC user as well. This blueprint aims to define the work necessary in order to support this use case.

Server-side:

 * The JSONRPC class will need to track tokens in a data structure and expire them after a configurable period of time.
 * The JSONRPC server will need to implement /login and /logout children; as such, it may be useful to simply subclass server.Site and use that subclass in all the examples.
 * The JSONRPC._cbRender method will need to set the X-Auth-Token header.
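
The token-tracking structure from the first item, as an added sketch that is not txJSON-RPC code: `TokenStore` and its method names are hypothetical, and a fixed (non-sliding) lifetime counted from login is an assumption.

```python
import secrets
import time


class TokenStore:
    """Tracks session tokens and expires them `ttl` seconds after issue."""

    def __init__(self, ttl=900.0, clock=time.monotonic):
        self.ttl = ttl               # the configurable expiry period
        self._clock = clock          # injectable so expiry can be tested
        self._sessions = {}          # token -> (expires_at, session data)

    def issue(self, user):
        """For the /login resource, after credentials have been verified."""
        token = secrets.token_urlsafe(32)   # 256 bits from the OS CSPRNG
        self._sessions[token] = (self._clock() + self.ttl, {"user": user})
        return token                 # value to send back as X-Auth-Token

    def lookup(self, presented):
        """Return the session data for a presented token, or None."""
        entry = self._sessions.get(presented)
        if entry is None:
            return None
        expires_at, data = entry
        if self._clock() >= expires_at:
            del self._sessions[presented]   # expired: drop it on sight
            return None
        return data

    def revoke(self, presented):
        """For the /logout resource; True if a live entry was removed."""
        return self._sessions.pop(presented, None) is not None

    def purge(self):
        """Drop every expired token so abandoned sessions do not pile up.

        Meant to be called periodically, e.g. from a
        twisted.internet.task.LoopingCall.
        """
        now = self._clock()
        expired = [t for t, (exp, _) in self._sessions.items() if now >= exp]
        for token in expired:
            del self._sessions[token]
        return len(expired)
```

Checking expiry inside `lookup` means a stale token is rejected even if the periodic `purge` has not run yet.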

Proxy-side:

 * The QueryProtocol will either have to be modified or subclassed for BasicAuth connections or token-based connections.
 * Split out callRemote into callRemote and sendRequest.
 * Add a login method that sends a request to an /authenticate or /login URL; for a successful login, the response headers will contain an X-Auth-Token header.
 * Add session methods to the Proxy for getting/setting session data; any method that wants to operate on the server sessions will need access to the request object, so these methods will use the sendRequest method.
 * Add a logout method that will clear the proxy session and send a request to /logout; a GET of /logout will clear the auth token from the server.
 * The login and logout methods will use the sendRequest method, constructing the URLs to GET.

Considerations:

 * An implementation as described above will require the use of the txJSON-RPC Proxy for all session-based communications with a txJSON-RPC server.
 * We would like to support vanilla jsonrpc proxies as well.
 * In order to do so, we'd have to:
   - use callRemote for all requests
   - tweak callRemote to only send user/pass conditionally, if auth-tokens are being used
   - send auth tokens as part of a query string
   - support jsonrpc_login and jsonrpc_logout
   - do some crazy hacking so that the login and logout resource methods have access to (or call things that have access to) the request object, so that session data can be accessed.
   - provide jsonrpc_session* methods for getting/setting session data

Blueprint information

 * Status: Not started
 * Approver: None
 * Priority: Undefined
 * Drafter: Duncan McGreggor
 * Direction: Needs approval
 * Assignee: Duncan McGreggor
 * Definition: New
 * Series goal: None
 * Implementation: Unknown
 * Milestone target: None
