So basically you want Web2py to be a proxy for the end user. End users
don't have to log in to receiver. Web2py will create and serve anonymous
pages.
Perhaps I misunderstand. But if I read your javascript correctly, you are
asking the browser to communicate directly with the provider. Is this
correct?
Could you store username and password in the session?
Web2py gets a request.
if not session.username or not session.password and not request.post_vars:
return login page (doesn't have to be ajax)
if not session.username or not session.password and request.post_vars:
process login by attempting to access the remote server
if remote server grants access, store password and username in session
else put up error message and respond with login page
if session.username and session.password:
# caveat: I have never done this, but there must by Python libraries for
it
send a GET to the remote server with session.username and
session.password in the header as user credentials
wait for the remote server's response
Web2py processes the response into a view and use it to respond the the
originator
On Wednesday, March 20, 2013 4:04:52 AM UTC-4, Subhamoy Sengupta wrote:
>
> I need no separate set of users for *Receiver*. Only usernames that exist
> in the remote server are allowed to log in, but using this also to log in
> to Receiver is essential to build a view. So, is that JavaScript going to
> be enough?
>
> *EDIT:*
>
> I have already tried the aforementioned JavaScript, and it did not work,
> which I feel is obvious, because it think my username is "username", which
> it is actually tester01, and my password is not "password" either. If I
> assume for a moment that there is only one app, and I have logged into it
> using a username and a password, how would some JavaScript embedded in
> index.html make use of it? Could some authentication be done by Python
> instead? According to this
> post<http://www.web2pyslices.com/slice/show/1533/restful-api-with-web2py>,
> this is also a way of doing RESTful queries:
>
>
> import requests
> from requests.auth import HTTPBasicAuth
> payload = {'f_entry': 'somevalue'}
> auth=HTTPBasicAuth('user', 'pass')
> r = requests.post("http://127.0.0.1:8000/RT/default/api/entries.json",data
> =payload, auth=auth)
> r = requests.delete("http://127.0.0.1:8000/RT/default/api/entries/1.json",data
> =payload, auth=auth)
>
> Could I somehow make use of this method without explicitly knowing my
> password?
>
>
>
>
> *On Wednesday, 20 March 2013 00:16:47 UTC+1, Anthony wrote:*
>>
>> *Do users need to log in to your app at all? In other words, do you also
>> need to restrict access to areas of your app, or is it sufficient to
>> restrict access to the Ajax calls, which will be handled by the basic
>> authentication of the service? If you do need separate authentication for
>> your app (independent of the Ajax calls to the service), is it necessary
>> and/or preferable for users to use the same credentials for your app as
>> they do for the third-party service (i.e., do you want to delegate your
>> app's authentication to the service)?*
>> *
>> *
>> *Anthony*
>>
>
--
---
You received this message because you are subscribed to the Google Groups
"web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/groups/opt_out.
