Ooops, my browser didn't show me this first attempt succeeded. 2nd attempt has the tags; please go there. -d
On Friday, November 17, 2017 at 10:14:20 PM UTC-8, Dave S wrote: > > > Between the docstrings in gluon/tools.py and this thread from 15 months > ago, > <URL:https://groups.google.com/d/topic/web2py/p9HE6pnf-VE/discussion> > I finally tried and succeeded with doing a JWT test. Thanks, Niphlod! > > As in the thread, I used the auth = Auth(..., jwt = {} ) technique. The > AuthJWT docstrings imply that I could go direct after Auth was initialized, > but I didn't understand how to do the import statement. I don't think I > need the lower-level method, but if I get inspired to update the book [*], > I'd like to be able make the proper remarks. > > I was able to use curl to get the token (-o), and to return it (-H plus > the BASH backquote feature after editing the file to unwrap the token from > the JSON), so that was handy. > > I am a bit confused about sessions. The test function I used incremented > and returned a counter in the session object. When using a browser > (ordinary login), this incremented nicely. When using the JWT technique, > the same value was returned each time. > That is, > if session.tcount: > session.tcount += 1 > else: > session.tcount = 1 > return "%d" % (session.tcount) > > > returned 1, 2, 3, 4, .... for the browser, and 1, 1, 1, 1, .... for my > curl-JWT accesses. If I wait long enough, the token expires as expected > (not very long for the default), but before it expires it acts like the > session stays around to keep me "logged in", but also like the session is > new every time for the tcount variable. Is that intended behavior, did I > forget something, or did I find a hole? > > * Chapter 9, with a forward reference to Chapter 10, or Chapter 10 with a > reference back to Chapter 9? > > /dps > > > -- Resources: - http://web2py.com - http://web2py.com/book (Documentation) - http://github.com/web2py/web2py (Source code) - https://code.google.com/p/web2py/issues/list (Report Issues) --- You received this message because you are subscribed to the Google Groups "web2py-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to web2py+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.