JWT was included a few months ago.

On Monday, June 20, 2016 at 5:02:36 AM UTC+2, rāma wrote:
>
> Have there been updates on this? I am working on using web2py as a backend 
> for my mobile app. Where there are no privileged cookies to do tracking, is 
> Niphlod's solution the best so far? Dave Lypka suggested a few modifications 
> to the source, which I am not comfortable doing unless really necessary.
>
> On Tuesday, 15 September 2015 09:19:30 UTC+8, Massimo Di Pierro wrote:
>>
>> This reminds me. Niphlod's code should go into web2py soon.
>>
>> On Monday, 14 September 2015 13:26:00 UTC-5, Dave S wrote:
>>>
>>>
>>>
>>> On Saturday, September 12, 2015 at 5:02:28 PM UTC-7, Darko Colic wrote:
>>>>
>>>> Hello,
>>>> I'm trying to use web2py to build a JSON based API (not REST though) 
>>>> for a mobile and single-page-application client.
>>>>
>>>> I wonder if there is a simple way to use Web2py internals like auth and 
>>>> session global object for such a case?
>>>>
>>>> For example, in a regular web-based app web2py "magically" restores a 
>>>> user and a session using cookies. In an API environment it is not 
>>>> possible. Would it be possible instead to generate a token upon a login 
>>>> and then associate auth and session objects with that token? Then, on 
>>>> every API function that requires login, perform a decoration function to 
>>>> look up a token that the client sends and restore auth and session 
>>>> objects associated with it, and later use it in the function as we would 
>>>> in a normal web-based app. Is there a way to do that?
>>>>
>>>>
>>>>
>>>
>>> Niphlod has a token package (in "alpha" testing, I think) that 
>>> implements JWT for Web2Py.  I don't know if that would do what you want, 
>>> but it should do most of it.
>>>
>>> From his post on the developer's list, here's his quick sample:
>>>
>>> As per "original" demand of covering one-time-issued tokens, the "jti" 
>>>> claim is the standard, and can be easily implemented, imagining to store 
>>>> valid tokens in a database table:
>>>>
>>>> # Server-side record of issued tokens; a jti is valid only while its row exists.
>>>> db.define_table('jwt_tokens',
>>>>                 Field('token'),
>>>>                 Field('user_id'),
>>>>                 Field('inserted_on', 'datetime', default=request.now))
>>>>
>>>> def myadditional_payload(payload):
>>>>      # Put the user's most recently stored token into the "jti" claim.
>>>>      res = db(db.jwt_tokens.user_id == payload['user']['id']).select(
>>>>          orderby=~db.jwt_tokens.inserted_on).first()
>>>>      payload['jti'] = res.token
>>>>      return payload
>>>>
>>>> def mybefore_authorization(tokend):
>>>>      # Reject the request unless this (user, jti) pair is still stored.
>>>>      res = db(
>>>>             (db.jwt_tokens.user_id == tokend['user']['id']) & 
>>>>             (db.jwt_tokens.token == tokend['jti'])
>>>>      ).select().first()
>>>>      if not res:
>>>>          raise HTTP(400, u'Invalid JWT jti claim')
>>>>
>>>> myjwt = Web2pyJwt('secret', auth, 
>>>>                   additional_payload=myadditional_payload, 
>>>>                   before_authorization=mybefore_authorization)
>>>>
>>>>
>>>
>>> <URL:
>>> https://groups.google.com/d/msg/web2py-developers/dXfUrHNI5Sg/gqNa3kXsCQAJ> 
>>>
>>>
>>>
>>> Look for reports on testing of the package soon.
>>>
>>> /dps
>>>
>>>
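
The "jti" check from the quoted sample, as an added stand-alone example that is not part of the thread and not web2py's own code: a standard-library HS256 token whose "jti" must still be present in a server-side table, so a token can be revoked before it expires. The in-memory SQLite table stands in for `jwt_tokens`, and `SECRET`, `issue_token`, `verify_token` and `revoke` are hypothetical names.

```python
import base64, hashlib, hmac, json, secrets, sqlite3, time

SECRET = b"constructed-demo-secret"   # constructed value, not a real key
db = sqlite3.connect(":memory:")      # assumption: stands in for the web2py DAL table
db.execute("CREATE TABLE jwt_tokens (token TEXT, user_id INTEGER, inserted_on REAL)")

def _b64(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=")

def _unb64(seg):
    return base64.urlsafe_b64decode(seg + b"=" * (-len(seg) % 4))

def _sign(signing_input):
    return _b64(hmac.new(SECRET, signing_input, hashlib.sha256).digest())

def issue_token(user_id, ttl=300):
    """Create a token whose jti is recorded server-side."""
    jti = secrets.token_urlsafe(16)
    db.execute("INSERT INTO jwt_tokens VALUES (?, ?, ?)", (jti, user_id, time.time()))
    header = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64(json.dumps({"user": {"id": user_id}, "jti": jti,
                               "exp": int(time.time()) + ttl}).encode())
    signing_input = header + b"." + payload
    return (signing_input + b"." + _sign(signing_input)).decode()

def verify_token(token):
    """Return the claims, or raise ValueError if the token must be rejected."""
    try:
        header, payload, sig = token.encode().split(b".")
        if not hmac.compare_digest(sig, _sign(header + b"." + payload)):
            raise ValueError("bad signature")
        # The algorithm is pinned: only HS256 is accepted, whatever the header says.
        if json.loads(_unb64(header)).get("alg") != "HS256":
            raise ValueError("unexpected alg")
        claims = json.loads(_unb64(payload))
        if claims["exp"] < time.time():
            raise ValueError("expired")
        row = db.execute("SELECT 1 FROM jwt_tokens WHERE user_id = ? AND token = ?",
                         (claims["user"]["id"], claims["jti"])).fetchone()
    except (KeyError, TypeError, AttributeError) as exc:
        raise ValueError("malformed token") from exc
    if row is None:
        raise ValueError("invalid jti")   # revoked or never issued
    return claims

def revoke(jti):
    """Deleting the row invalidates the token before its exp is reached."""
    db.execute("DELETE FROM jwt_tokens WHERE token = ?", (jti,))
```

The signature is checked before any claim is parsed or looked up, so the database is only queried for tokens this server actually signed.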
