i have configured my system to be an oauth provider and added a decorator to all RESTful calls to validate the oauth signature. yes, i do this on each request that i require authentication for.
On Tuesday, May 28, 2013 6:01:11 AM UTC-7, Ruben D. Orduz wrote: > > Yes, most REST patterns I've seen are handled either by http basic auth or > else request signing. Either option requires handling that on each call. > > > On Tue, May 28, 2013 at 4:54 AM, Michele Comitini > <[email protected]<javascript:> > > wrote: > >> REST is stateless so you should not rely on session, hence you can use >> >> auth.settings.allow_basic_login = True >> >> see here >> http://web2py.com/books/default/chapter/29/10#Access-Control >> >> for proper (as per RFC) authentication challenge with realm use: >> >> @auth.basich(basic_auth_real=<True|"any string">) >> >> An alternative is to pass an argument or a parameter with authencation >> info and use >> auth.login_bare >> >> Anyway you must pass authentication info with each call since being the >> service stateless the server has no way to recognize the client. >> >> mic >> >> >> 2013/5/27 Ray (a.k.a. Iceberg) <[email protected] <javascript:>> >> >>> Hi Alec, >>> >>> On Tuesday, July 17, 2012 1:03:04 AM UTC+8, Alec Taylor wrote: >>>> >>>> On Tue, Jul 17, 2012 at 2:20 AM, David Marko <[email protected]> wrote: >>>> > +1 from me having this. Btw. On client side i'm using AngularJS and >>>> Trigger.io (instead of PhoneGap) >>>> >>>> I've been looking around, and will have one of the following setups: >>>> >>>> - *AngularJS <http://angularjs.org/>* with >>>> *BarristerRPC<http://barrister.bitmechanic.com/> >>>> * >>>> - *BackboneJS <http://backbonejs.org/>* with >>>> *Backbone.Rpc<https://github.com/asciidisco/Backbone.Rpc> >>>> * >>>> - *JQuery mobile* <http://jquerymobile.com/> with >>>> *jquery-jsonrpc*<https://github.com/datagraph/jquery-jsonrpc>(or plain >>>> JSON.stringify) >>>> >>>> All within a *PhoneGap <http://phonegap.com/>* (*Apache >>>> Cordova<http://incubator.apache.org/cordova/> >>>> *) app using the* Facebook connect >>>> plugin<https://github.com/davejohnson/phonegap-plugin-facebook-connect> >>>> * for authentication (for graceful downgrade from Facebook mobile >>>> app<https://www.facebook.com/mobile/>to Facebook >>>> website auth <https://touch.facebook.com>). >>>> >>>> I should have a PoC <http://en.wikipedia.org/wiki/Proof_of_Concept> on >>>> August 2 with a full backend written in web2py and two frontends (one in >>>> web2py views; the other in one of the above frameworks). >>>> >>>> Subsequently I'll release it under a full open-source license onto >>>> Bitbucket. I'll post to the web2py list with link + slides when the repo >>>> is >>>> live >>>> >>> >>> Sorry for late response. I am a web2py veteran who dives into restful >>> world only recently. Do you have any finding to share about the restful >>> authentication in web2py? Thanks in advance! >>> >>> Regards, >>> Ray >>> >>> -- >>> >>> --- >>> You received this message because you are subscribed to the Google >>> Groups "web2py-users" group. >>> To unsubscribe from this group and stop receiving emails from it, send >>> an email to [email protected] <javascript:>. >>> >>> For more options, visit https://groups.google.com/groups/opt_out. >>> >>> >>> >> >> -- >> >> --- >> You received this message because you are subscribed to a topic in the >> Google Groups "web2py-users" group. >> To unsubscribe from this topic, visit >> https://groups.google.com/d/topic/web2py/FyxbO0WGMhU/unsubscribe?hl=en. >> To unsubscribe from this group and all its topics, send an email to >> [email protected] <javascript:>. >> For more options, visit https://groups.google.com/groups/opt_out. >> >> >> > > -- --- You received this message because you are subscribed to the Google Groups "web2py-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/groups/opt_out.
