Yes, I want to ultimately be able to send restful queries to a 3rd party service using jQuery-Ajax along with the username and password. So, as things are now, I do need to log in to the Receiver app, with the authorization of the Provider, to be able to see certain things and click on them. User interaction will result in Ajax calls that will have username and password. But I was thoroughly confused where I would get it from. So, from what you are saying, I should just fire the query, where username is "username" and password is "password"? I am having a bit of trouble understanding this concept, because I thought I would have to get this password from form.vars.password and username from session.auth.user.username and then I have enough information to do the Ajax calls. So, all I need to do is something like this:
var gBaseUrl="http://127.0.0.1:8000/Provider/sites/";; $(document).ready(function(){ $.ajax({ type: "GET", async: true, crossDomain: true, password: "password", username: "username", url: gBaseUrl+"get_username", dataType: "jsonp" }).done(function(){}) .fail(function(){}) .always(function(){}); }); On Tuesday, 19 March 2013 20:57:03 UTC+1, Anthony wrote: > > Are you saying that ultimately you want your Receiver app to be able to > make Ajax calls to a third-party service (that will not be a web2py app) > that requires basic authentication? If so, then auth.settings. > login_methods = [basic_auth('http://127.0.0.1:8000/Provider')] in the > Receiver app won't help, as that determines how users log in *to the > Receiver app*. Once the user is logged in to the Receiver app, that only > provides authorization for requests to the Receiver app (the basic > authentication call to the Provider app only tells the Receiver app the > user is allowed to be logged in to the Receiver app -- it doesn't log the > user in to the Provider app). In fact, with basic authentication, there > isn't really a notion of being "logged in", as you have to pass the login > credentials in the HTTP headers with every request (i.e., you effectively > have to log in with every request). > > If you want to make Ajax requests to a service requiring basic > authentication, you either need to have users input their login credentials > on your page and then grab the credentials via Javascript and submit them > in the HTTP headers (the jQuery .ajax() function makes this easy by letting > you simply include "username" and "password" arguments), or you can make > the request without the credentials, and the server should send a 401 > response, which will instruct the browser to prompt the user for the > credentials (and the browser will cache the credentials for some period of > time so the user doesn't have to keep re-entering them on every request). > The latter is generally a less desirable user experience. > > Anthony > > > On Tuesday, March 19, 2013 2:30:48 PM UTC-4, Subhamoy Sengupta wrote: >> >> Because the Provider will ultimately be replaced by a client's server. >> The Provider app is for my learning and testing convenience. >> >> >> * >> On Tuesday, 19 March 2013 19:20:00 UTC+1, Cliff Kachinske wrote:* >>> >>> *Correct me if I'm wrong, but it seems like you are splitting the model >>> and controller parts across two applications.* >>> * >>> * >>> *Why would you do that? The Web2py architecture works best when one >>> application handles model, view and controller functions for a set of >>> related tables. Each table, in turn, represents some real-world object. >>> * >>> * >>> * >>> *This would all be so much simpler if you used the typical arrangement.* >>> >> -- --- You received this message because you are subscribed to the Google Groups "web2py-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/groups/opt_out.
