Between the docstrings in gluon/tools.py and this thread from 15 months
ago,
<URL:https://groups.google.com/d/topic/web2py/p9HE6pnf-VE/discussion>
I finally tried and succeeded with doing a JWT test. Thanks, Niphlod!
As in the thread, I used the auth = Auth(..., jwt = {} ) technique. The
AuthJWT docstrings imply that I could go direct after Auth was initialized,
but I didn't understand how to do the import statement. I don't think I
need the lower-level method, but if I get inspired to update the book [*],
I'd like to be able to make the proper remarks.
I was able to use curl to get the token (-o), and to return it (-H plus the
BASH backquote feature after editing the file to unwrap the token from the
JSON), so that was handy.
I am a bit confused about sessions. The test function I used incremented
and returned a counter in the session object. When using a browser
(ordinary login), this incremented nicely. When using the JWT technique,
the same value was returned each time.
That is,
    if session.tcount:
        session.tcount += 1
    else:
        session.tcount = 1
    return "%d" % (session.tcount)
returned 1, 2, 3, 4, .... for the browser, and 1, 1, 1, 1, .... for my
curl-JWT accesses. If I wait long enough, the token expires as expected
(not very long for the default), but before it expires it acts like the
session stays around to keep me "logged in", but also like the session is
new every time for the tcount variable. Is that intended behavior, did I
forget something, or did I find a hole?
* Chapter 9, with a forward reference to Chapter 10, or Chapter 10 with a
reference back to Chapter 9?
/dps
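
An added example, not part of the original post and not web2py's own code: a minimal standard-library model of the two behaviours described above, in which the signed token alone carries the login while the counter lives in a server-side session that is only found again through a cookie. It assumes the curl calls sent just the Authorization header and never returned a session cookie; `SECRET`, `handle`, `run`, the user name and the `Bearer` header layout are constructed for illustration.

```python
import base64, hashlib, hmac, json, secrets, time

SECRET = b"constructed-demo-key"   # constructed value, not a real key
SESSIONS = {}                      # server-side session store keyed by cookie id

def _b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=")

def issue_token(user, lifetime=300):
    """Sign an HS256 JWT carrying the user name and an expiry time."""
    head = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64(json.dumps({"user": user, "exp": time.time() + lifetime}).encode())
    sig = _b64(hmac.new(SECRET, head + b"." + body, hashlib.sha256).digest())
    return b".".join((head, body, sig)).decode()

def verify_token(token, now=None):
    """Return the user if signature and expiry check out, else None."""
    try:
        head, body, sig = token.encode().split(b".")
        good = _b64(hmac.new(SECRET, head + b"." + body, hashlib.sha256).digest())
        if not hmac.compare_digest(sig, good):
            return None
        claims = json.loads(base64.urlsafe_b64decode(body + b"=" * (-len(body) % 4)))
    except ValueError:
        return None
    return claims["user"] if claims["exp"] > (now or time.time()) else None

def handle(headers, now=None):
    """One request: login comes from the token, the counter from the session."""
    user = verify_token(headers.get("Authorization", "")[len("Bearer "):], now)
    if user is None:
        return 401, None, None
    sid = headers.get("Cookie")
    if sid not in SESSIONS:            # no cookie sent back: brand-new session
        sid = secrets.token_hex(8)
    session = SESSIONS.setdefault(sid, {})
    session["tcount"] = session.get("tcount", 0) + 1
    return 200, session["tcount"], sid

def run(n, keep_cookie):
    """Replay n requests with one token, with or without returning the cookie."""
    headers, seen = {"Authorization": "Bearer " + issue_token("alice")}, []
    for _ in range(n):
        status, count, sid = handle(headers)
        seen.append(count)
        if keep_cookie:                # what a browser or a cookie jar does
            headers["Cookie"] = sid
    return seen
```

`run(4, keep_cookie=True)` counts up like the browser did, while `run(4, keep_cookie=False)` stays at 1 on every request even though the token keeps authenticating until it expires.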