These are chat archives for cherrypy/cherrypy

26th
Jun 2018
ArijeetC
@ArijeetC
Jun 26 2018 10:54
Could a new tool be added to CherryPy for digital signature based authentication of requests? I am currently working on such a tool for my hobby project, so I was thinking whether a similar tool could be added to CherryPy as an alternative to the existing basic and digest authentication tools?
dddh
@dddh
Jun 26 2018 10:56
JWT ?
ArijeetC
@ArijeetC
Jun 26 2018 10:58
Not JWT, something like as described here -> https://searchsecurity.techtarget.com/definition/digital-signature
Anyway, why do you think TLS client verification is not enough?

I'm not sure whether we'd want such tool to be in core, but you can definitely publish in PYPI. Because when adding new things we'll have to support them, while we're short on maintainers. Also it's questionable where it fits best.

Let's check it out whenever you have a demo.

ArijeetC
@ArijeetC
Jun 26 2018 13:38
@webknjaz Yes, similar to the link you have provided. And I agree that publishing to PYPI would be better if it does not fit into CherryPy. Anyway, thank you for your inputs. :thumbsup:
Sviatoslav Sydorenko
@webknjaz
Jun 26 2018 13:41
Let's wait for @jaraco's opinion. But it general if you can demo some widely needed use-case, write some docs on how to use this authentication strategy and commit to maintain this tool in upstream we can consider adding it to core.
ArijeetC
@ArijeetC
Jun 26 2018 13:47
@webknjaz Okay, I will try to create a demo and let you guys know