• Vincent Pelletier's avatar
    all: Implement server-side OAuth2 protocol. · 56c81642
    Vincent Pelletier authored
    Replace CookieCrumbler's cookie with OAuth2 tokens:
    - add the notion of authenticated sessions: period from a login action to
      either a logout or the expiration of tokens
    - avoids session fixation (knowing one token does not grant near-permanent
      access to the session)
    - reduces the per-request cost of authentication (removes the need to
      compute user's groups, and the need to cache these groups for a fixed
      period).
    56c81642
ERP5RoleManager.py 2.76 KB