You can do exactly that with web2py 2.13.4 https://github.com/web2py/web2py/blob/master/gluon/tools.py#L1200
except you need two validators instead of one: @auth.allow_jwt() @auth.requires_login() which means that you want allow jwt to give you login-like privileges. if you want you can do def requires_jwt(func): return auth.allow_jwt()(auth.requires_login()(func) and then just use @requires_jwt as you want. On Monday, 28 December 2015 13:05:04 UTC-6, Ramos wrote: > > can i do > > @auth.requires_jwt() > > I would like to use web2py just as a rest api , auth included... > > 2015-12-27 7:09 GMT+00:00 Massimo Di Pierro <massimo.dipie...@gmail.com>: > >> good catch! we will have to refactor that to support earlier versions of >> python. >> >> >> On Sunday, 27 December 2015 01:02:09 UTC-6, Lou C wrote: >>> >>> I am running version 2.13.4 on GAE which runs on python 2.7.5. The >>> problem arises when using the @auth.allows_jwt() decorator. The error I get >>> is AttributeError: 'module' object has no attribute 'compare_digest'. >>> Which is being called in : >>> >>> def verify_signature(self, body, signature, secret): >>> mauth = hmac.new(key=secret, msg=body, digestmod=self.digestmod) >>> return hmac.compare_digest(self.jwt_b64e(mauth.digest()), >>> signature) >>> >>> I believe this is because hmac.py uses compare_digest in version 2.7.7. >>> Anyway to use jwt on GAE ? >>> >>> On Friday, December 25, 2015 at 9:04:11 PM UTC-8, Massimo Di Pierro >>> wrote: >>>> >>>> This is issue is now fixed in 2.13.4. :-) >>>> >>>> On Friday, 25 December 2015 22:37:54 UTC-6, Πέτρος Χατζηλάμπρος wrote: >>>>> >>>>> Mrry Christmas!!!! >>>>> >>>>> I found the following bug in version 2.13.3: >>>>> >>>>> I am using linux mint and I have a folder named web2py on the ~/Desktop >>>>> I was using to run web2py by opening terminal and giving the command >>>>> "python ~/Desktop/web2py/web2py.py -a "tsouras" -i 0.0.0.0". >>>>> After the update to version 2.13.3 the following error appears >>>>> Traceback (most recent call last): >>>>> File "/home/tsouras/Desktop/web2py/web2py.py", line 6, in <module> >>>>> import gluon.widget >>>>> File "/home/tsouras/Desktop/web2py/gluon/widget.py", line 26, in >>>>> <module> >>>>> import gluon.main as main >>>>> File "/home/tsouras/Desktop/web2py/gluon/main.py", line 125, in >>>>> <module> >>>>> raise RuntimeError("Cannot determine web2py version") >>>>> RuntimeError: Cannot determine web2py version >>>>> >>>>> So, I did some debugging and I found out >>>>> that global_settings.gluon_parent is "/home/tsouras" instead of being >>>>> "/home/tsouras/Desktop/web2py" >>>>> I overcome this problem by opening terminal and giving command "cd >>>>> ~Desktop/web2py" before giving the command "python >>>>> ~/Desktop/web2py/web2py.py -a "tsouras" -i 0.0.0.0" >>>>> >>>>> I did not have this problem using the previous version of web2py >>>>> >>>>> On Thursday, December 24, 2015 at 5:21:42 PM UTC+2, Massimo Di Pierro >>>>> wrote: >>>>>> >>>>>> web2py 2.13.3 is out. MERRY CHRISTMAS EVERYBODY!!! >>>>>> >>>>>> It contains some bug fixes for bugs introduced in 2.13.1-2 and most >>>>>> importantly it contains experimental support for JWT. Here is how it >>>>>> works: >>>>>> >>>>>> 1) instantiate auth with >>>>>> >>>>>> auth = Auth(db, jwt = {'secret_key':'secret'}) >>>>>> >>>>>> where 'secret' is your own secret string. >>>>>> >>>>>> 2) Secorate functions that require login but should accept >>>>>> the JWT token credentials: >>>>>> >>>>>> @auth.allows_jwt() >>>>>> @auth.requires_login() >>>>>> def myapi(): return 'hello %s' % auth.user.email >>>>>> >>>>>> Notice jwt is allowed but not required. if user is logged in, >>>>>> myapi is accessible. >>>>>> >>>>>> 3) Use it! >>>>>> Now API users can obtain a token with >>>>>> >>>>>> http://.../app/default/user/jwt?username=...&password=.... >>>>>> >>>>>> (returns json object with a token attribute) >>>>>> API users can refresh an existing token with >>>>>> >>>>>> http://.../app/default/user/jwt?token=... >>>>>> >>>>>> they can authenticate themselves when calling http:/.../myapi >>>>>> by injecting a header >>>>>> >>>>>> Authorization: Bearer <the jwt token> >>>>>> >>>>>> Any additional attributes in the jwt argument of Auth() below: >>>>>> >>>>>> auth = Auth(db, jwt = {...}) >>>>>> >>>>>> are passed to the constructor of class AuthJWT. Look there >>>>>> for documentation. >>>>>> >>>>>> Thanks Niphlod again for implementing this. >>>>>> Please help us check it so we will declare it stable in the next >>>>>> release. >>>>>> >>>>>> Massimo >>>>>> >>>>>> >>>>>> -- >> Resources: >> - http://web2py.com >> - http://web2py.com/book (Documentation) >> - http://github.com/web2py/web2py (Source code) >> - https://code.google.com/p/web2py/issues/list (Report Issues) >> --- >> You received this message because you are subscribed to the Google Groups >> "web2py-users" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to web2py+unsubscr...@googlegroups.com. >> For more options, visit https://groups.google.com/d/optout. >> > > -- Resources: - http://web2py.com - http://web2py.com/book (Documentation) - http://github.com/web2py/web2py (Source code) - https://code.google.com/p/web2py/issues/list (Report Issues) --- You received this message because you are subscribed to the Google Groups "web2py-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to web2py+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.