Skip to content
Authentication and authorization framework for CherryPy
Find file
New pull request
Fetching latest commit...
Cannot retrieve the latest commit at this time.
Failed to load latest commit information.


lg_authority - A general purpose, multi-backend capable authentication and permissions framework for CherryPy.


    pymongo - For MongoDB backend
    python-openid - For Open ID support

1. git clone git://
2. cd lamegame_cherrypy_authority
3. sudo python install (or python install --user to install without sudo)

Example Usage (just want to block out non-logged-in users)
import cherrypy
import lg_authority

class Root(object):
    auth = lg_authority.AuthRoot()

    def index(self):
        return "Logged in!"

    'tools.lg_authority.on': True, 
    # Uncomment the following two lines to persist changed user / group data
    # 'tools.lg_authority.site_storage': 'sqlite3', 
    # 'tools.lg_authority.site_storage_conf': { 'file': 'test.db' } })

Storage Options

The different storage options are laid out in lg_authority/slates/storage.  Currently, there are the following and their options:

ram - Store session and user data in memory only; it will get erased when the
    server restarts, and does not support coordination between different 
    Options: No options.

sqlite3 - Store session in a sqlite3 file database.  Data is persisted through 
    the file.
    Options: file - The file to store session and user information in.

pymongo - Store session information in a mongodb backend.
        host - The host address of the mongodb server to connect to
        port - The port
        db - The name of the mongodb database to store auth collections in
        collection_base - An optional prefix for all of the collections created
            and maintained by lg_authority.


Being an openID server
If python-openid is installed, then there is an OpenID endpoint set up automatically at (authroot)/openid.  If you would like your site root to be an open ID endpoint, put the following meta tag in the index page (e.g.

<meta http-equiv="x-xrds-location" content="" />

Replace with your auth root.  It is probably wise to ensure that the xrds location is accessed through https.

Users may also use the /auth/openid URL as an endpoint, even if you don't put that meta tag on your root.

Something went wrong with that request. Please try again.