> > Only usernames that exist in the remote server are allowed to log in, but > using this also to log in to Receiver is essential to build a view.
I'm not sure what you mean that using the remote credentials to log in to Receiver is essential to building a view. The question is whether the only thing that requires authentication is access to the third-party service itself -- if so, then you don't need users to log in to Receiver, you just need them to provide credentials to be used for authenticating with the external service. I have already tried the aforementioned JavaScript, and it did not work, > which I feel is obvious, because it think my username is "username", which > it is actually tester01, and my password is not "password" either. Not sure why you would submit "username" and "password" as the username and password. The jQuery .ajax() method takes "username" and "password" * settings *(i.e., they are elements of the "settings" argument -- see here<http://api.jquery.com/jQuery.ajax/>) -- "username" and "password" are the names of the settings -- the values passed must of course be the actual username and password. > If I assume for a moment that there is only one app, and I have logged > into it using a username and a password, how would some JavaScript embedded > in index.html make use of it? If everything takes place on a single page (i.e., the login credentials don't have to persist across multiple pages within a user session), then you could just put username and password input fields on the page. Let the user enter the username and password, and use Javascript to grab the values entered. Then pass those values via the jQuery .ajax() method when making the Ajax request. If you need to persist the credentials throughout the user session across multiple pages, you could instead have the user submit the username and password in a form and store them in the session. Whenever you return a page that needs to make Ajax requests, you can populate the username and password values in the .ajax() call with the values from the session. In this case, you should make sure your app uses HTTPS so you won't be sending the password back and forth unencrypted. Hopefully the third-party service also uses HTTPS -- otherwise user credentials will not be secure. > > import requests > from requests.auth import HTTPBasicAuth > payload = {'f_entry': 'somevalue'} > auth=HTTPBasicAuth('user', 'pass') > r = requests.post("http://127.0.0.1:8000/RT/default/api/entries.json",data > =payload, auth=auth) > r = requests.delete("http://127.0.0.1:8000/RT/default/api/entries/1.json",data > =payload, auth=auth) > > Could I somehow make use of this method without explicitly knowing my > password? > You could do something like the above, but it requires two requests to query the service instead of one (i.e., one request to your app, and then a request from your app to the service -- instead of a single Ajax request directly from the user's browser to the service). And it wouldn't help, as you would still need to obtain the username and password in order to make the request from your server to the service. Anthony -- --- You received this message because you are subscribed to the Google Groups "web2py-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/groups/opt_out.
