This reminds me. Niphlod's code should go into web2py soon.
On Monday, 14 September 2015 13:26:00 UTC-5, Dave S wrote:
>
>
>
> On Saturday, September 12, 2015 at 5:02:28 PM UTC-7, Darko Colic wrote:
>>
>> Hello,
>> I'm trying to use web2py to build a JSON based API (not REST though) for
>> a mobile and single-page-application client.
>>
>> I wonder if there is a simple way to use Web2py internals like auth and
>> session global object for such a case?
>>
>> For example, in regular web-based app web2py "magically" restore a user
>> and a session using cookies. In API environment it is not possible. Would
>> it be possible instead to generate a token upon a login and then associate
>> auth and session objects with that token. Then on every API function that
>> requires login perform a decoration function to look up a token that client
>> sends and restore auth and session objects associated with it, and later
>> use it in the function as we would in a normal web-based app. Is there a
>> way to do that?
>>
>>
>>
>
> Niphlod has a token package (in "alpha" testing, I think) that implements
> JWT for Web2Py. I don't know if that would do what you want, but it should
> do most of it.
>
> From his post on the developer's list, here's his quick sample:
>
> As per "original" demand of covering one-time-issued tokens, the "jti"
>> claim is the standard, and can be easily implemented, imagining to store
>> valid tokens in a database table:
>>
>> db.define_table('jwt_tokens', Field('token'), Field('user_id'), Field(
>> 'inserted_on', 'datetime', default=request.now))
>>
>> def myadditional_payload(payload):
>> res = db(db.jwt_tokens.user_id == payload['user']['id']).select(
>> orderby=~db.jwt_tokens.inserted_on).first()
>> payload['jti'] = res.token
>> return payload
>>
>> def mybefore_authorization(tokend):
>> res = db(
>> (db.jwt_tokens.user_id == tokend['user']['id']) &
>> (db.jwt_tokens.token == tokend['jti'])
>> ).select().first()
>> if not res:
>> raise HTTP(400, u'Invalid JWT jti claim')
>>
>> myjwt = Web2pyJwt('secret', auth,
>> additional_payload=additional_payload,
>> before_authorization=mybefore_authorization)
>>
>
> <URL:
> https://groups.google.com/d/msg/web2py-developers/dXfUrHNI5Sg/gqNa3kXsCQAJ>
>
>
>
> Look for reports on testing of the package soon.
>
> /dps
>
>
--
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
---
You received this message because you are subscribed to the Google Groups
"web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/d/optout.
