by ubernostrum 6147 days ago
Well, with auth I think there's an easy confusion to fall into, because we conflate a couple things:

1. The default backend stores information through the User class, persisted to the auth_user table.

2. All backends are required to return instances of User when asked to find the user who matches a given set of credentials.

So in the first case, we use the User class as a persistent object store. In the second case we use it as a consistent API implemented by records coming out of auth backends.

Where the confusion comes in is people assuming that, since you have to return an instance of User out of your custom backend, you must also have to persist that instance to the auth_user table. Which isn't correct; you're free to just chuck information into an instance on the fly, and Django will neither know nor care (third-party code may make bad assumptions about being able to save that object, but third-party code should be introspecting to find out where the object came from before trying that).

Any rate, this is on my list of things to document more completely, and hopefully that'll help.