Do this. Either pass the data you need to work with through the auth event as part of the payload, or make sure the data is in a session custom property that can be accessed via the onAuthChallengeComplete handler or a or page custom property subsequent perspective message handler that is called from the authentication event handler.
In the onAuthenticationChallengeCompleted session event handler, your script would look like something along the lines of:
def onAuthChallengeCompleted(session, payload, result):
logger = system.util.getLogger("ProjectNameAuthChallenger")
if not payload:
logger.warn("Authentication challenger did not provide a payload")
source = payload.setdefault("sourceID", None)
sourcePage = payload.setdefault("sourcePageID", None)
if not source:
logger.warn("Authentication challenge completed with unknown source")
if not sourcePage:
logger.warn("Authentication challenger did not provide a page ID")
context = result.asSuccess.context
user = context.user
roles = user.roles
if source == "ArithmeticButton" and "Administrator" in roles:
system.perspective.sendMessage("PerformArithmetic", scope="page", pageId=sourcePage)
Then on your page where the button is located, put a message handler on the root container called PerformArithmetic and in that script do whatever math you wanted to do when the user is confirmed to be authentic
Not sure what you are asking here, are you asking why I use these or why they are used in if statements?
If the latter: The code I provided is the base framework code I use with auth challenges in my projects, adjusted to try to fit your use case. The first part is checking two things when receiving the results of a auth challenge:
A) Checking that a payload was actually passed to the challenge (if you try to pull a value from the payload when no payload was passed, you'll get an error)
B) Checking that the payload contains the necessary keys with useable values.
I normally have several things calling auth challenges that all need their own thing to happen, whether that is a certain function call or a specific message handler.
I use source/sourceID as a way to identify what called the challenge and allow the system to figure out what needs to be done after the challenge is completed. sourcePage/sourcePageID is used in the call to system.perspective.sendMessage() so it knows what page to target when sending the message.
If the auth challenge is called but the identifying data isn't passed or isn't present, then the system won't be able to determine what to do after authenticating the user. Therefore, I check the data exists before attempting to do any further logic with it.
Also, in the auth challenge handler, you may want to add something to call a popup that alerts any unallowed user, or user that fails to authenticate, that they are not allowed to perform the requested action. This will prevent false assumptions that the code/interface isn't working when actually the user doesn't have the required roles/permissions or isn't included in the IDP you are authenticating against.