>
> allows_jwt means JWT is *allowed*, not that it is *required*. When you
>> open the URL in the browser, you will have access as long as you are logged
>> in in the browser -- JWT is irrelevant in that context.
>>
>
> Just to clarify, you *can* use JWT for authentication even from the
>
>
> allows_jwt means JWT is *allowed*, not that it is *required*. When you
> open the URL in the browser, you will have access as long as you are logged
> in in the browser -- JWT is irrelevant in that context.
>
Just to clarify, you *can* use JWT for authentication even from the
browser, but
pretty clear, thx anthony
best regards,
stifan
On Friday, May 18, 2018 at 6:48:41 AM UTC+7, Anthony wrote:
>
> On Thursday, May 17, 2018 at 5:57:13 PM UTC-4, 黄祥 wrote:
>>
>> it's clear enough, thx anthony
>> curl -X GET --user user:password -i
>>
On Thursday, May 17, 2018 at 5:57:13 PM UTC-4, 黄祥 wrote:
>
> it's clear enough, thx anthony
> curl -X GET --user user:password -i
> http://127.0.0.1:8000/test/api/header_jwt/table/1
> *result:*
> Invalid JWT header
>
> open http://127.0.0.1:8000/test/api/header_jwt/table/1
> *result after login
it's clear enough, thx anthony
curl -X GET --user user:password -i
http://127.0.0.1:8000/test/api/header_jwt/table/1
*result:*
Invalid JWT header
open http://127.0.0.1:8000/test/api/header_jwt/table/1
*result after login in browser:*
data shown
is it normal? or did i misunderstand the concept
>
> *command :*
> curl -H "Authorization: Bearer paste_jwt_token_here"
> http://127.0.0.1:8000/test/api/header_jwt/table/1
> *result:*
> data shown without user credentials
> *expected result:*
> data not shown without user credentials
>
> any idea? or is it normal because from code above i've
*models/db.py*
from gluon.tools import Auth, AuthJWT
auth = Auth(db, controller = 'default', host_names =
configuration.get(configuration_env + '_' + 'auth.host') )
*controllers/api.py*
myjwt = AuthJWT(auth, secret_key = 'secret')
def login_and_take_token():
return myjwt.jwt_token_manager()
On Tuesday, November 21, 2017 at 4:38:12 AM UTC-8, Anthony wrote:
>
>
>>> #requests.packages.urllib3.disable_warnings() # - uncomment if you use
>>> a self-signed cert over https
>>> r = session.get(url_login, verify=True) #set verify=False if you use a
>>> self-signed
>>> cert over https
On Tuesday, November 21, 2017 at 5:10:28 AM UTC-8, Leandro Sebastian
Salgueiro wrote:
> it seems now that my "quick" workaround was not that simple (unless there
> is a magical solution somewhere) and is easier to direclty implement JWT on
> all my microservices and frontend.
>
>>
>>>
Thanks Anthony, All,
I know that what I'm trying to do here is kind of twisted ..
I have a quite complex structure of microservices on backend that needs to
be accessed by Frontend. my final idea (at the end of the project) is to
use JWT on every microservice but in the meanwhile (as i need a
What are you really trying to do? Is the API simply being called from the
browser, or are other types of clients calling it? If that latter, you
might look into using JWT auth, as session based authentication doesn't
work well for non-browser clients unless you get them to maintain a session
>
>
>> #requests.packages.urllib3.disable_warnings() # - uncomment if you use
>> a self-signed cert over https
>> r = session.get(url_login, verify=True) #set verify=False if you use a
>> self-signed
>> cert over https
>>
>>
> I'm not sure about this. As is, it produces a ticket for "get()
As I see Leo uses requestS module, don't confuse with web2py request object.
Yes it's no good idea to use 'session' as name
--
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list
On Monday, November 13, 2017 at 6:14:00 AM UTC-8, Leandro Sebastian
Salgueiro wrote:
>
> HI,
>
> I have two controllers on the same app:
>
> TestApp
> |
> |---default.py
> |---api.py
>
> api is a restful service that will call other services. For security
> reasons I would like that all call
On Monday, November 20, 2017 at 3:08:56 PM UTC-8, Val K wrote:
>
>
> Hi, you can use requests.Session:
>
> #in default
> session = requests.Session()
>
session is an already-defined global.
> url_login = 'http:///api/login.json'
>
Shouldn't you be using the URL helper? For my setup,
Hi, you can use requests.Session:
#in default
session = requests.Session()
url_login = 'http:///api/login.json'
#requests.packages.urllib3.disable_warnings() # - uncomment if you use a
self-signed
cert over https
r = session.get(url_login, verify=True) #set verify=False if you use a
Hola Carlos, efectivamente soy latino :-) ..
Muchas gracias por tu respuesta, me queda mucho mas claro lo que esta
pasando...
estoy de acuerdo contigo, lo que trato de hacer es un poco (bastante)
extraño, era una solucion provisoria hasta que pueda crear autorisaciones
token en mis
Hola Leandro, te escribo en español porque al ver tu nombre me parece que
hablas castellano, corrigeme si me equivoco y te lo escribo en ingles,
El lunes, 13 de noviembre de 2017, 7:14:00 (UTC-7), Leandro Sebastian
Salgueiro escribió:
I added then the requires_login to api controller and
18 matches
Mail list logo
