That was easy. Thank you! Those were the two lines of code I was looking 
for!

On Monday, September 14, 2020 at 6:59:26 PM UTC+2 [email protected] wrote:

> Nope, it's not stupid. 
>
> At least not as long as you store data in the local database of your app 
> that is not stored in the directory of your identity management system. 
> Then you would just duplicate data and I would just use the claims from 
> the IDM to work in the app. 
> But if your app stores data about the user that is not stored in the IDM 
> for example if you have a web shop and you want to store the 
> purchase history, 
> you probably do not want to store that in your IDM directory but leave it in 
> the local database. In order for your app to understand what data to pull 
> for that user from
> the local database it is important to create the user entity in the 
> local app as well as have it in the IDM. 
> I usually check if a user that just authenticated via the IDM is already 
> in the database and if not I create / update the user in the local 
> database. 
>
> In terms of logging users in, I think in web2py it was straightforward, if I 
> remember correctly. 
>
> Looking at this snippet:
>
> http://www.web2pyslices.com/slice/show/1443/auto-login-when-you-come-from-localhost
>
> I think you can extract the username from the token and then do: 
>
> user = db(db.auth_user.username==username).select().first()
> auth.user = user
>
>
>
>
> On Mon, 14 Sept 2020 at 08:14, hiro <[email protected]> wrote:
>
>> Thank you! You are spot on. I have redirected the user to a single sign-on 
>> page, and got redirected back with a token that I then validate, using the 
>> requests library and my key, to extract the username and permissions.
>>
>> I already have the users in the default auth tables, so basically now 
>> that user X has provided a valid token I want to be able to log in that 
>> user.
>>
>> Maybe that is just stupid? Maybe one should just use the extracted data 
>> from the token and never store any of it in the internal user database?
>>
>>
>>
>> On Friday, September 11, 2020 at 5:13:18 PM UTC+2 [email protected] 
>> wrote:
>>
>>> I am not sure I understand what you have done completely, but let me 
>>> give it a shot at the point where you ask how to validate a jwt token. 
>>>
>>> The IDP that created the JWT token will sign the JWT token. 
>>> So you need to send the token e.g. via POST to web2py and then use pyjwt 
>>> to verify the token by whatever means that token was signed. 
>>> Maybe a simple passphrase, shared key, public key etc. 
>>>
>>> Once you have verified the signature you can use pyjwt
>>> to load the contents of the token into a Python dict. 
>>> Some IDPs include information about the person logging in as "claims". 
>>> Info such as First Name, Last Name, Email, Username/Displayname etc. You 
>>> can extract that information 
>>> and create the user in web2py and log the user in with a web2py session. 
>>>
>>> Some IDPs do not put anything in the token and ask you to use the jwt 
>>> token to call a userinfo endpoint (restful api of the IDP), 
>>> to extract more info about the user directly from the IDP instead of 
>>> from the token. 
>>>
>>> The token was usually issued with certain scopes e.g. openid, profile, 
>>> email and depending on the scopes of the token, the IDP will either 
>>> give this information or not. 
>>> Usually you also have to whitelist in the IDP which hosts such a 
>>> call can come from and which hosts can actually obtain tokens etc. 
>>>
>>>
>>>
>>> On Fri, 11 Sept 2020 at 16:06, hiro <[email protected]> wrote:
>>>
>>>> Hi, quick question!
>>>>
>>>> I am working on an internal API using web2py and the organization I am 
>>>> working for wants us to use JWTs. I have had no success with the JWTAuth 
>>>> in 
>>>> the tools file, but have successfully been able to redirect to the single 
>>>> sign-on provider and then validate the token as the single sign-on 
>>>> provider 
>>>> redirects back to the web2py service.
>>>>
>>>> So basically I have been able to validate that a user with a given 
>>>> username is allowed to log in. Now, the question becomes, how do I log in 
>>>> the user?
>>>>
>>>> Assume the user already exists within the Auth DB for now. In the long 
>>>> run I will need to update user permissions and LDAP groups and so on, but 
>>>> now I just need to know how to log in programmatically when I know the user is 
>>>> allowed to log in by a validated JWT token, but I have no password or 
>>>> anything else except the username.
>>>>
>>>>
>>>> # Code to validate JWT token..
>>>>
>>>> username = validated_jwt_token.preffered_username.
>>>> Auth.login(username)
>>>>
>>>> # User should now be logged in.
>>>>
>>>> Any idea?
>>>> Thanks!
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> -- 
>>>> Resources:
>>>> - http://web2py.com
>>>> - http://web2py.com/book (Documentation)
>>>> - http://github.com/web2py/web2py (Source code)
>>>> - https://code.google.com/p/web2py/issues/list (Report Issues)
>>>> --- 
>>>> You received this message because you are subscribed to the Google 
>>>> Groups "web2py-users" group.
>>>> To unsubscribe from this group and stop receiving emails from it, send 
>>>> an email to [email protected].
>>>> To view this discussion on the web visit 
>>>> https://groups.google.com/d/msgid/web2py/0c6cfe00-9e4d-416a-b547-76809c19e751o%40googlegroups.com
>>>>  
>>>> <https://groups.google.com/d/msgid/web2py/0c6cfe00-9e4d-416a-b547-76809c19e751o%40googlegroups.com?utm_medium=email&utm_source=footer>
>>>> .
>>>>
>
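
The flow discussed in this thread (verify the IDP-signed token, read the claims, find or create the local user, start the session), as an added example that is not part of the original messages or of web2py. It uses only the standard library as a stand-in for pyjwt with an HS256 shared key; the `preferred_username` claim name and the `users` and `session` dicts (standing in for `db.auth_user` and the web2py session) are assumptions.

```python
import base64, hashlib, hmac, json, time

def _b64d(part):
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def _b64e(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def _mac(key, signing_input):
    return hmac.new(key, signing_input.encode(), hashlib.sha256).digest()

def sign_hs256(claims, key):
    """Mint a constructed sample token; in production only the IDP signs."""
    head = _b64e(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64e(json.dumps(claims).encode())
    return f"{head}.{body}.{_b64e(_mac(key, head + '.' + body))}"

def verify_hs256(token, key, issuer, audience):
    """Return the claims dict; raise ValueError if any check fails."""
    try:
        head, body, sig = token.split(".")
        header, sig = json.loads(_b64d(head)), _b64d(sig)
    except Exception:
        raise ValueError("malformed token")
    # Pin the algorithm; never let the token's header pick the verifier.
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    if not hmac.compare_digest(sig, _mac(key, head + "." + body)):
        raise ValueError("bad signature")
    claims = json.loads(_b64d(body))  # trusted only after the signature check
    if claims.get("exp", 0) <= time.time():
        raise ValueError("expired")
    aud = claims.get("aud")  # a JWT audience may be a string or a list
    if claims.get("iss") != issuer or audience not in (aud if isinstance(aud, list) else [aud]):
        raise ValueError("wrong issuer or audience")
    if not claims.get("preferred_username"):
        raise ValueError("missing username claim")
    return claims

def login_from_token(token, key, issuer, audience, users, session):
    """Verify first, then find-or-create the local user and bind the session."""
    claims = verify_hs256(token, key, issuer, audience)
    username = claims["preferred_username"]
    user = users.setdefault(username, {"username": username})  # create if absent
    user["email"] = claims.get("email")  # refresh profile data from the IDM
    session["user"] = user  # in web2py, the thread's equivalent: auth.user = user
    return user
```

In the app itself, pyjwt's `jwt.decode` with an explicit `algorithms` list takes the place of `verify_hs256`, using whichever key type the IDP signs with.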
