I'm already working with this now. Since I'm planning make my actual webapp only to a API based, and in other side, the frontend as a client of this API with angularjs.
I think I'm more interested in do a session token based authentication like this. https://auth0.com/blog/2014/01/07/angularjs-authentication-with-cookies-vs-token/ On 31 July 2014 07:19, lyn2py <[email protected]> wrote: > Thanks Leonel! I just thought that web2py had something like that already > in place, perhaps needed to add a correct decorator, and I didn't need to > reinvent the wheel. > > Sidenote to Massimo: What do you think of the idea? Have a decorator to > check for a special field or fields (API key related, like API key, API > secret) in order to get a particular / restricted access to the API calls. > > > > On Thursday, July 31, 2014 2:06:21 AM UTC+8, Leonel Câmara wrote: >> >> An easy way would be to have your default.py/call function check the >> API key and raise HTTP(403) if it's not valid. You could subclass Auth, >> make your own basic_login using the API key, use that as the Auth for your >> application, and then use auth.requires_login() in call, but it seems >> unnecessarily complicated for this. >> > -- > Resources: > - http://web2py.com > - http://web2py.com/book (Documentation) > - http://github.com/web2py/web2py (Source code) > - https://code.google.com/p/web2py/issues/list (Report Issues) > --- > You received this message because you are subscribed to the Google Groups > "web2py-users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > For more options, visit https://groups.google.com/d/optout. > -- Resources: - http://web2py.com - http://web2py.com/book (Documentation) - http://github.com/web2py/web2py (Source code) - https://code.google.com/p/web2py/issues/list (Report Issues) --- You received this message because you are subscribed to the Google Groups "web2py-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
