summary refs log tree commit diff
path: root/docs/password_auth_providers.rst
blob: 3da1a67844b791e07cb0b338d03c8c4a0aa6af36 (plain) (blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
Password auth provider modules
==============================

Password auth providers offer a way for server administrators to integrate
their Synapse installation with an existing authentication system.

A password auth provider is a Python class which is dynamically loaded into
Synapse, and provides a number of methods by which it can integrate with the
authentication system.

This document serves as a reference for those looking to implement their own
password auth providers.

Required methods
----------------

Password auth provider classes must provide the following methods:

*class* ``SomeProvider.parse_config``\(*config*)

    This method is passed the ``config`` object for this module from the
    homeserver configuration file.

    It should perform any appropriate sanity checks on the provided
    configuration, and return an object which is then passed into ``__init__``.

*class* ``SomeProvider``\(*config*, *account_handler*)

    The constructor is passed the config object returned by ``parse_config``,
    and a ``synapse.handlers.auth._AccountHandler`` object which allows the
    password provider to check if accounts exist and/or create new ones.

``someprovider.check_password``\(*user_id*, *password*)

    This is the method that actually does the work. It is passed a qualified
    ``@localpart:domain`` user id, and the password provided by the user.

    The method should return a Twisted ``Deferred`` object, which resolves to
    ``True`` if authentication is successful, and ``False`` if not.