I am not sure I understand what you have done completely, but let me give
it a shot at the point where you ask how to validate a jwt token.

The IDP that created the JWT token will sign the JWT token.
So you need to send the token e.g. via POST to web2py and then use pyjwt
to verify the token with whatever means that token was signed with:
maybe a simple passphrase, shared key, public key etc.

Once you have verified the signature you can use pyjwt
to load the contents of the token into a Python dict.
Some IDPs include information about the person logging in as "claims".
Info such as first name, last name, email, username/display name etc. You
can extract that information
and create the user in web2py and log the user in with a web2py session.

Some IDPs do not put anything in the token and ask you to use the jwt token
to call a userinfo endpoint (restful api of the IDP),
to extract more info about the user directly from the IDP instead of from
the token.

The token usually was issued with certain scopes e.g. openid, profile,
email and depending on the scopes of the token, the IDP will either
give this information or not.
Usually you also have to whitelist in the IDP from which hosts such a call
can come and which hosts can actually obtain tokens etc.



On Fri., 11 Sept. 2020 at 16:06, hiro <[email protected]> wrote:

> Hi, quick question!
>
> I am working on an internal API using web2py and the organization I am
> working for wants us to use JWTs. I have had no success with the JWTAuth in
> the tools file, but have successfully been able to redirect to the single
> sign-on provider and then validate the token as the single sign-on provider
> redirects back to the web2py service.
>
> So basically I have been able to validate that a user with a given
> username is allowed to log in. Now, the question becomes, how do I log in
> the user?
>
> Assume the user already exists within the Auth DB for now. In the long run
> I will need to update user permissions and LDAP groups and so on, but now I
> just need to know how to log in programmatically when I know the user is allowed to
> log in by a validated JWT token, but I have no password or anything else
> except the username.
>
>
> # Code to validate JWT token..
>
> username = validated_jwt_token.preferred_username
> Auth.login(username)
>
> # User should now be logged in.
>
> Any idea?
> Thanks!

-- 
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
--- 
You received this message because you are subscribed to the Google Groups 
"web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to [email protected].
To view this discussion on the web visit 
https://groups.google.com/d/msgid/web2py/CADHCKLSb8r_ePec%2B6c8iEWiru_zQL9pYsEBB1k5N-LbpKCw_4g%40mail.gmail.com.

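The flow described in the reply above (verify the IDP's signature, pin the algorithm, check issuer/audience/expiry, then map the claims onto a web2py user and call the session login), as an added example that is not code from either poster. The reply recommends pyjwt; this example implements the same HS256 checks with the Python standard library so it runs without any dependency (with pyjwt the equivalent call is `jwt.decode(token, key, algorithms=["HS256"], audience=..., issuer=...)`). The shared key, issuer, audience and claim values are constructed test data; `sign_hs256` stands in for the IDP. The web2py glue in `login_web2py_user` assumes the default Auth tables were defined with `auth.define_tables(username=True)` and uses `auth.settings.table_user` and `auth.login_user(user)` from web2py's Auth; it is only meant to be called from a controller where `auth` and `db` exist.

```python
import base64
import hashlib
import hmac
import json
import time


class TokenError(Exception):
    """Raised for any reason the token must not be trusted."""


def _b64url_decode(segment: str) -> bytes:
    raw = segment.encode("ascii")
    return base64.urlsafe_b64decode(raw + b"=" * (-len(raw) % 4))


def _b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def sign_hs256(claims: dict, shared_key: bytes) -> str:
    """Stand-in for the IDP: mint an HS256-signed token over the given claims."""
    header = _b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64url_encode(json.dumps(claims).encode())
    sig = hmac.new(shared_key, f"{header}.{payload}".encode("ascii"), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url_encode(sig)}"


def verify_hs256(token: str, shared_key: bytes, issuer: str, audience: str, now=None) -> dict:
    """Return the claims only if signature, alg, iss, aud and exp all check out."""
    now = time.time() if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        raise TokenError("token must have three dot-separated segments")
    header_b64, payload_b64, sig_b64 = parts
    header = json.loads(_b64url_decode(header_b64))
    # Pin the algorithm we expect; never let the token's own 'alg' choose the
    # verifier (this is what rejects 'none' and key-confusion tokens).
    if header.get("alg") != "HS256":
        raise TokenError("unexpected alg %r" % header.get("alg"))
    expected = hmac.new(shared_key, f"{header_b64}.{payload_b64}".encode("ascii"),
                        hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
        raise TokenError("signature mismatch")
    claims = json.loads(_b64url_decode(payload_b64))
    if claims.get("iss") != issuer:
        raise TokenError("wrong issuer")
    aud = claims.get("aud")
    aud_list = aud if isinstance(aud, list) else [aud]
    if audience not in aud_list:
        raise TokenError("token not issued for this audience")
    if "exp" not in claims or now >= claims["exp"]:
        raise TokenError("token expired or has no exp")
    return claims


def claims_to_user(claims: dict) -> dict:
    """Map standard OIDC profile/email claims onto web2py auth_user columns."""
    username = claims.get("preferred_username")
    if not username:
        raise TokenError("token carries no preferred_username claim")
    return {
        "username": username,
        "email": claims.get("email", ""),
        "first_name": claims.get("given_name", ""),
        "last_name": claims.get("family_name", ""),
    }


def login_web2py_user(auth, db, user_fields: dict):
    """web2py glue (assumed API): create or refresh the user row, then start the session.

    auth.settings.table_user is the Auth user table (db.auth_user by default) and
    auth.login_user(user) logs a user in without a password check.
    """
    table = auth.settings.table_user
    user = table(username=user_fields["username"])
    if user is None:
        user = table(table.insert(**user_fields))
    else:
        # Refresh profile fields from the IDP on every login; never touch the key.
        user.update_record(**{k: v for k, v in user_fields.items() if k != "username"})
    auth.login_user(user)
    return user


# Constructed test data standing in for the IDP configuration.
SHARED_KEY = b"constructed-shared-secret-not-for-real-use"
ISSUER = "https://idp.example"
AUDIENCE = "web2py-internal-api"
FIXED_NOW = 1_600_000_000


def demo_login_fields(now: int = FIXED_NOW) -> dict:
    """Mint a token as the IDP would, validate it, and return the user fields."""
    claims = {"iss": ISSUER, "aud": AUDIENCE, "exp": now + 600,
              "preferred_username": "hiro", "email": "[email protected]",
              "given_name": "Hi", "family_name": "Ro"}
    token = sign_hs256(claims, SHARED_KEY)
    return claims_to_user(verify_hs256(token, SHARED_KEY, ISSUER, AUDIENCE, now=now))
```

In a controller the last step is `login_web2py_user(auth, db, demo_login_fields())` with the token taken from the POST body instead of minted locally; the claim check is deliberately done before any database access so an invalid token never causes a user row to be created.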