Has there been updates on this. I am working on using web2py as a backend
for my mobile app. Where there are no privileged cookies to track, is
Niphlod's solution the best so far Dave Lypka suggested a few modification
to the source, which I am not comfortable doing unless really necessary.
On Tuesday, 15 September 2015 09:19:30 UTC+8, Massimo Di Pierro wrote:
>
> This reminds me. Niphlod's code should go into web2py soon.
>
> On Monday, 14 September 2015 13:26:00 UTC-5, Dave S wrote:
>>
>>
>>
>> On Saturday, September 12, 2015 at 5:02:28 PM UTC-7, Darko Colic wrote:
>>>
>>> Hello,
>>> I'm trying to use web2py to build a JSON based API (not REST though) for
>>> a mobile and single-page-application client.
>>>
>>> I wonder if there is a simple way to use Web2py internals like auth and
>>> session global object for such a case?
>>>
>>> For example, in regular web-based app web2py "magically" restore a user
>>> and a session using cookies. In API environment it is not possible. Would
>>> it be possible instead to generate a token upon a login and then associate
>>> auth and session objects with that token. Then on every API function that
>>> requires login perform a decoration function to look up a token that client
>>> sends and restore auth and session objects associated with it, and later
>>> use it in the function as we would in a normal web-based app. Is there a
>>> way to do that?
>>>
>>>
>>>
>>
>> Niphlod has a token package (in "alpha" testing, I think) that implements
>> JWT for Web2Py. I don't know if that would do what you want, but it should
>> do most of it.
>>
>> From his post on the developer's list, here's his quick sample:
>>
>> As per "original" demand of covering one-time-issued tokens, the "jti"
>>> claim is the standard, and can be easily implemented, imagining to store
>>> valid tokens in a database table:
>>>
>>> db.define_table('jwt_tokens', Field('token'), Field('user_id'), Field(
>>> 'inserted_on', 'datetime', default=request.now))
>>>
>>> def myadditional_payload(payload):
>>> res = db(db.jwt_tokens.user_id == payload['user']['id']).select(
>>> orderby=~db.jwt_tokens.inserted_on).first()
>>> payload['jti'] = res.token
>>> return payload
>>>
>>> def mybefore_authorization(tokend):
>>> res = db(
>>> (db.jwt_tokens.user_id == tokend['user']['id']) &
>>> (db.jwt_tokens.token == tokend['jti'])
>>> ).select().first()
>>> if not res:
>>> raise HTTP(400, u'Invalid JWT jti claim')
>>>
>>> myjwt = Web2pyJwt('secret', auth,
>>> additional_payload=additional_payload,
>>> before_authorization=mybefore_authorization)
>>>
>>
>> <URL:
>> https://groups.google.com/d/msg/web2py-developers/dXfUrHNI5Sg/gqNa3kXsCQAJ>
>>
>>
>>
>> Look for reports on testing of the package soon.
>>
>> /dps
>>
>>
--
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
---
You received this message because you are subscribed to the Google Groups
"web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/d/optout.
