> *command :*
> curl -H "Authorization: Bearer paste_jwt_token_here" 
> *result:*
> data shown without user credentials
> *expected result:*
> data not shown without user credentials
> any idea? or is it normal because from code above i've used 
> @auth.requires.login() even put the auth.is_logged_in() decorator?

Credentials are needed to get a token, not to use the token. There would be 
no point to the token if it required the credentials to be provided and 
verified along with it. The token itself serves as verification that the 
user is authorized.


- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
You received this message because you are subscribed to the Google Groups 
"web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to web2py+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Reply via email to