AUTHENTICATION 225 In this chapter, we are going to discuss different parts of RBAC one by one. Authentication In order to use RBAC, users need to be identified. This means that they need to register (or be registered) and log in. Auth provides multiple login methods. The default one consists of identifying users based on the local auth user table. Alternatively, it can log in users against third-party basic authentication systems (for example a Twitter account), SMTP servers (for example Gmail), or LDAP (your corporate account). It can also use third-party single-sign-on systems, for example Google. This is achieved via plugins, and new. | AUTHENTICATION 225 In this chapter we are going to discuss different parts of RBAC one by one. 1 2 3 1 1 2 3 4 5 6 7 1 2 3 4 5 Authentication In order to use RBAC users need to be identified. This means that they need to register or be registered and log in. Auth provides multiple login methods. The default one consists of identifying users based on the local authuser table. Alternatively it can log in users against third-party basic authentication systems for example a Twitter account SMTP servers for example Gmail or LDAP your corporate account . It can also use third-party single-sign-on systems for example Google. This is achieved via plugins and new plugins are added all the time. To start using Auth you need at least this code in a model file which is also provided with the WEB2py welcome application and assumes a db connection object from import Auth auth Auth globals db To expose Auth you also need the following function in a controller for example in def user return dict form auth The auth object and the user action are already defined in the scaffolding application. WEB2py also includes a sample view default to render this function properly that looks like this extend h2 0 h2 form if 0 login a href URL r request args register register a br a href URL r request args retrieve_password lost password a br pass The controller above exposes multiple actions http . app default user registerhttp . app default user login http . app default user logouthttp . app default user profile http . app default user change_password 226 ACCESS CONTROL 6 http . app default user verify_email 7 http . app default user retrieve_username 8 http . app default user retrieve_password 9 http . app default user impersonate 10 http . app default user groups 11 http . app default user not_authorized register allows users to register. It is integrated with CAPTCHA although this is disabled by .