summary refs log tree commit diff
path: root/docs
diff options
context:
space:
mode:
authorDavid Baker <dbkr@users.noreply.github.com>2017-10-31 13:40:10 +0000
committerGitHub <noreply@github.com>2017-10-31 13:40:10 +0000
commita1f8b0fd649606cc491eeba0a9f203ee18a228b3 (patch)
treea61cd8b00a7fb8501a517e10584f6c40d8535792 /docs
parentMerge pull request #2605 from matrix-org/luke/fix-group-creation-error-wording (diff)
parentStart some documentation on password providers (diff)
downloadsynapse-a1f8b0fd649606cc491eeba0a9f203ee18a228b3.tar.xz
Merge pull request #2608 from matrix-org/rav/password_provider_doc
Start some documentation on password providers
Diffstat (limited to 'docs')
-rw-r--r--docs/password_auth_providers.rst39
1 files changed, 39 insertions, 0 deletions
diff --git a/docs/password_auth_providers.rst b/docs/password_auth_providers.rst
new file mode 100644
index 0000000000..3da1a67844
--- /dev/null
+++ b/docs/password_auth_providers.rst
@@ -0,0 +1,39 @@
+Password auth provider modules
+==============================
+
+Password auth providers offer a way for server administrators to integrate
+their Synapse installation with an existing authentication system.
+
+A password auth provider is a Python class which is dynamically loaded into
+Synapse, and provides a number of methods by which it can integrate with the
+authentication system.
+
+This document serves as a reference for those looking to implement their own
+password auth providers.
+
+Required methods
+----------------
+
+Password auth provider classes must provide the following methods:
+
+*class* ``SomeProvider.parse_config``\(*config*)
+
+    This method is passed the ``config`` object for this module from the
+    homeserver configuration file.
+
+    It should perform any appropriate sanity checks on the provided
+    configuration, and return an object which is then passed into ``__init__``.
+
+*class* ``SomeProvider``\(*config*, *account_handler*)
+
+    The constructor is passed the config object returned by ``parse_config``,
+    and a ``synapse.handlers.auth._AccountHandler`` object which allows the
+    password provider to check if accounts exist and/or create new ones.
+
+``someprovider.check_password``\(*user_id*, *password*)
+
+    This is the method that actually does the work. It is passed a qualified
+    ``@localpart:domain`` user id, and the password provided by the user.
+
+    The method should return a Twisted ``Deferred`` object, which resolves to
+    ``True`` if authentication is successful, and ``False`` if not.