> > *command :* > curl -H "Authorization: Bearer paste_jwt_token_here" > http://127.0.0.1:8000/test/api/header_jwt/table/1 > *result:* > data shown without user credentials > *expected result:* > data not shown without user credentials > > any idea? or is it normal because from code above i've used > @auth.requires.login() even put the auth.is_logged_in() decorator? >
Credentials are needed to get a token, not to use the token. There would be no point to the token if it required the credentials to be provided and verified along with it. The token itself serves as verification that the user is authorized. Anthony -- Resources: - http://web2py.com - http://web2py.com/book (Documentation) - http://github.com/web2py/web2py (Source code) - https://code.google.com/p/web2py/issues/list (Report Issues) --- You received this message because you are subscribed to the Google Groups "web2py-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to web2py+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.