It's kind of that frameworks are still the silos wsgi was supposed to solve. Look at flask - it started off as little more than the code examples in PEP333 ! Then people went great ! And it was great.
Except that it had let's say OpenId added to the framework.
Now in my opinion the right place to do authorisation is earlier in the wsgi chain - using say repoze.who.
But now someone coming along sees the framework can do this and instead of learning how to chain wsgi apps they just take Armins excellent skeleton code and hey presto Flask starts to bloat.
This is not a complaint about Flask per se (I think Armin is doing a Stirling job promoting a smaller way) but it is about a chain that was supposed to mean we could pick best of breed middleware and yet we are still in which framework is best debates
It should never be how to learn pyramid / flask / django in one day but should be how to deploy a micro-service and chain it in front of authentication middleware and hey presto a working API. Stuff your templates.
> it started off as little more than the code examples in PEP333 !
Flask had less than 1000 lines when it begun, but werkzeug is much bigger than that.
> Except that it had let's say OpenId added to the framework.
Is that supposed to be a hypothetical example? Because Flask framework doesn't have openid added to it. Flask extensions for it exist, just the way it should. The users can write whatever extensions they want - that shouldn't concern framework developer or other users.
> Now in my opinion the right place to do authorisation is earlier in the wsgi chain - using say repoze.who.
I don't know what repoze is. But if you want to insert a wsgi middleware, you can easily do it in flask.
> But now someone coming along sees the framework can do this
The framework doesn't do auth.
> they just take Armins excellent skeleton code
I don't know which snippet you are talking about, but I believe that's about how to use Flask-OpenId extension.
> but it is about a chain that was supposed to mean we could pick best of breed middleware and yet we are still in which framework is best debates
Flask-openid is a wsgi chain. Flask app object is a wsgi object, and openid extension wraps it. Also, my concern would be ease of integration and extensiblity, not what level it works at.
Now in my opinion the right place to do authorisation is earlier in the wsgi chain - using say repoze.who.
But now someone coming along sees the framework can do this and instead of learning how to chain wsgi apps they just take Armins excellent skeleton code and hey presto Flask starts to bloat.
This is not a complaint about Flask per se (I think Armin is doing a Stirling job promoting a smaller way) but it is about a chain that was supposed to mean we could pick best of breed middleware and yet we are still in which framework is best debates
It should never be how to learn pyramid / flask / django in one day but should be how to deploy a micro-service and chain it in front of authentication middleware and hey presto a working API. Stuff your templates.