Should this thread be unpinned and the 2.13.4 thread pinned instead?
/dps
On Thursday, December 24, 2015 at 7:21:42 AM UTC-8, Massimo Di Pierro wrote:
>
> web2py 2.13.3 is out. MERRY CHRISTMAS EVERYBODY!!!
>
> It contains some bug fixes for bugs introduced in 2.13.1-2 and most
> importantly it contains experimental support for JWT. Here is how it works:
>
> 1) instantiate auth with
>
> auth = Auth(db, jwt = {'secret_key':'secret'})
>
> where 'secret' is your own secret string.
>
> 2) Secorate functions that require login but should accept the JWT
> token credentials:
>
> @auth.allows_jwt()
> @auth.requires_login()
> def myapi(): return 'hello %s' % auth.user.email
>
> Notice jwt is allowed but not required. if user is logged in,
> myapi is accessible.
>
> 3) Use it!
> Now API users can obtain a token with
>
> http://.../app/default/user/jwt?username=...&password=....
>
> (returns json object with a token attribute)
> API users can refresh an existing token with
>
> http://.../app/default/user/jwt?token=...
>
> they can authenticate themselves when calling http:/.../myapi by
> injecting a header
>
> Authorization: Bearer <the jwt token>
>
> Any additional attributes in the jwt argument of Auth() below:
>
> auth = Auth(db, jwt = {...})
>
> are passed to the constructor of class AuthJWT. Look there for
> documentation.
>
> Thanks Niphlod again for implementing this.
> Please help us check it so we will declare it stable in the next release.
>
> Massimo
>
>
>
--
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
---
You received this message because you are subscribed to the Google Groups
"web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/d/optout.
