On Sat, May 12, 2012 at 2:00 PM, david.waldrop <[email protected]> wrote:
> This is my 2nd attempt at trying to dig in and understand web2py services
> and authorization.  I saw posts about various ways (digest, basic auth,
> https, etc) for securing web services, but am not sure which one to use.  In
> my case I am building a mobile app and need to secure the webservice calls
> to and from the server.  Has anyone done this before?  What is the best
> means of authenticating web services using web2py?  Are there any real
> examples available for reference?

Auth basic is the most trivial to implement, but the least secure.
If you go with basic, at least use HTTPS.

Some big players are using OAuth.


> Right now I have implemented a webservice and can successfully invoke and
> receive results in json.
> When I attempt to add authorization I get redirected to login.
>

This works for me:

controller: default.py - there is no need for models or views in this example:

db = DAL('sqlite:memory')

from gluon.tools import Auth, Service
auth = Auth(db, hmac_key='somekey')
# accept HTTP Basic credentials sent with each request
auth.settings.allow_basic_login = True
# uncomment to accept Basic auth only
#auth.settings.allow_basic_login_only = True
auth.define_tables()

# hash the password with the same key Auth uses, then create a test user
crypt = CRYPT(key=auth.settings.hmac_key)
password, error = crypt('1234')
db.auth_user.insert(email="[email protected]", password=password)

service = Service()

@auth.requires_login()
def index():
    session.forget()
    return "OK"

def user():
    return auth()

@auth.requires_login()
def call():
    session.forget()
    return service()

@service.json
def getMeetings(userid):
    return 'meetings for %s' % userid


Ricardo
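
Added example, not part of the original message: a Python 3 client for the getMeetings service above that sends HTTP Basic credentials with each request and refuses to send them over plain HTTP. The host, application name (myapp) and account used here are placeholders, and build_service_request / call_service are hypothetical helper names.

```python
import base64
import json
import urllib.parse
import urllib.request


def build_service_request(base_url, email, password, userid):
    """Build a request for the getMeetings JSON service using HTTP Basic auth.

    base_url is the application root, e.g. https://example.invalid/myapp
    (placeholder host and app name, not taken from the original message).
    """
    parts = urllib.parse.urlsplit(base_url)
    # Basic auth only base64-encodes the credentials, so never send them in clear.
    if parts.scheme != "https":
        raise ValueError("Basic auth credentials must only be sent over HTTPS")

    # web2py exposes @service.json functions under <controller>/call/json/<name>.
    query = urllib.parse.urlencode({"userid": userid})
    url = "%s/default/call/json/getMeetings?%s" % (base_url.rstrip("/"), query)

    # The header is sent on every call; no login form or session cookie is involved.
    raw = ("%s:%s" % (email, password)).encode("utf-8")
    token = base64.b64encode(raw).decode("ascii")
    req = urllib.request.Request(url)
    req.add_header("Authorization", "Basic " + token)
    return req


def call_service(req, timeout=10):
    """Send the request and decode the JSON body (needs a reachable server)."""
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return json.loads(resp.read().decode("utf-8"))


if __name__ == "__main__":
    # Constructed sample values; replace with a real HTTPS deployment to call it.
    demo = build_service_request(
        "https://example.invalid/myapp", "user@example.invalid", "1234", 42
    )
    print(demo.full_url)
```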
