Re: [web2py] API Rest authenticatio
On Saturday, April 26, 2014 7:20:02 AM UTC-7, Samuel Marks wrote: I'm a big RFC6749 fan Quite simple; and you can implement your own custom grant for e.g.: higher security using x509 certificates. Is there a handy link to a good discussion of that? I was concerned by the arguments from http://hueniverse.com/2010/09/15/oauth-2-0-without-signatures-is-bad-for-the-web/ so I'm wondering how to improve on WRAP (and hoping it's been done, and I just have to follow the recipe). Not that I'm ready to provide a discoverable API, but I've already used up a few corners in painting myself into. /dps -- Resources: - http://web2py.com - http://web2py.com/book (Documentation) - http://github.com/web2py/web2py (Source code) - https://code.google.com/p/web2py/issues/list (Report Issues) --- You received this message because you are subscribed to the Google Groups web2py-users group. To unsubscribe from this group and stop receiving emails from it, send an email to web2py+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [web2py] API Rest authenticatio
attached is our auth code. i made a few minor adjustments to remove some things that are specific to our app - hopefully it still runs. note that we use this as a decorator to controller methods. On Saturday, April 26, 2014 6:09:13 PM UTC-7, samuel bonill wrote: Yes Christian, I'd like take a look... 2014-04-26 17:24 GMT-05:00 Christian Foster Howes: i have an oauth implementation that i used on app engine. i can try and clean it up a touch and share it if you would like. cfh On Saturday, April 26, 2014 7:05:55 AM UTC-7, samuel bonill wrote: thanks Marks, i'm using phonegap(android, iOS) as my client and angularjs consume the API Rest. x509 its grate but, work x509 on app engine ?, or what do you think about use Oauth 2.0 http://oauth.net/2/ ? 2014-04-25 21:41 GMT-05:00 Samuel Marks: Sure, take a look at x509 at http://web2py.com/books/ default/chapter/29/09/access-control Samuel Marks http://linkedin.com/in/samuelmarks On Sat, Apr 26, 2014 at 12:33 PM, samuel bonill wrote: is there an example of API Rest authentication based in private/public key with web2py?? i don't want use username and password tokens for each request -- Resources: - http://web2py.com - http://web2py.com/book (Documentation) - http://github.com/web2py/web2py (Source code) - https://code.google.com/p/web2py/issues/list (Report Issues) --- You received this message because you are subscribed to the Google Groups web2py-users group. To unsubscribe from this group and stop receiving emails from it, send an email to web2py+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout. -- Resources: - http://web2py.com - http://web2py.com/book (Documentation) - http://github.com/web2py/web2py (Source code) - https://code.google.com/p/web2py/issues/list (Report Issues) --- You received this message because you are subscribed to a topic in the Google Groups web2py-users group. To unsubscribe from this topic, visit https://groups.google.com/d/ topic/web2py/lXfe0tpGi8U/unsubscribe. To unsubscribe from this group and all its topics, send an email to web2py+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout. -- Resources: - http://web2py.com - http://web2py.com/book (Documentation) - http://github.com/web2py/web2py (Source code) - https://code.google.com/p/web2py/issues/list (Report Issues) --- You received this message because you are subscribed to a topic in the Google Groups web2py-users group. To unsubscribe from this topic, visit https://groups.google.com/d/topic/web2py/lXfe0tpGi8U/unsubscribe. To unsubscribe from this group and all its topics, send an email to web2py+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout. -- Resources: - http://web2py.com - http://web2py.com/book (Documentation) - http://github.com/web2py/web2py (Source code) - https://code.google.com/p/web2py/issues/list (Report Issues) --- You received this message because you are subscribed to the Google Groups web2py-users group. To unsubscribe from this group and stop receiving emails from it, send an email to web2py+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout. import logging import json # using oauth2 lib from https://github.com/simplegeo/python-oauth2 import oauth2 as oauth import uuid from functools import wraps from gluon.http import HTTP from gluon.globals import current from google.appengine.api import memcache # before conditional models we came up with our own way to do this # you probably have a different implementation from datamodel import models # a utitlity for figuring out client versions etc from a user agent # specific to our app from apprequest import parse_user_agent class Consumer(dict): pass class XAuthServer(oauth.Server): timestamp_threshold = 86400 # In seconds, 1 day def generate_consumer_token(self): key = str(uuid.uuid4()) secret = str(uuid.uuid4()) return oauth.Token(key, secret) def generate_access_token(self): key = str(uuid.uuid4()) secret = str(uuid.uuid4()) return oauth.Token(key, secret) class XAuthProvider(object): def __init__(self, *args, **kwargs): self._server = XAuthServer() self._server.add_signature_method(oauth.SignatureMethod_HMAC_SHA1()) def get_client(self, request=None): Return the client from the OAuth parameters. if not isinstance(request, oauth.Request): raise ValueError('Request is not an oauth request.') client_key = request.get_parameter('oauth_consumer_key') if not client_key: raise Exception('Missing oauth_consumer_key parameter in ' \ 'OAuth Authorization header') client = models.client.get_client_by_oauth_key(client_key) if not client: raise Exception('Client %s
Re: [web2py] API Rest authenticatio
Thanks Christian... 2014-04-27 12:58 GMT-05:00 Christian Foster Howes cfho...@gmail.com: attached is our auth code. i made a few minor adjustments to remove some things that are specific to our app - hopefully it still runs. note that we use this as a decorator to controller methods. On Saturday, April 26, 2014 6:09:13 PM UTC-7, samuel bonill wrote: Yes Christian, I'd like take a look... 2014-04-26 17:24 GMT-05:00 Christian Foster Howes: i have an oauth implementation that i used on app engine. i can try and clean it up a touch and share it if you would like. cfh On Saturday, April 26, 2014 7:05:55 AM UTC-7, samuel bonill wrote: thanks Marks, i'm using phonegap(android, iOS) as my client and angularjs consume the API Rest. x509 its grate but, work x509 on app engine ?, or what do you think about use Oauth 2.0 http://oauth.net/2/ ? 2014-04-25 21:41 GMT-05:00 Samuel Marks: Sure, take a look at x509 at http://web2py.com/books/defaul t/chapter/29/09/access-control Samuel Marks http://linkedin.com/in/samuelmarks On Sat, Apr 26, 2014 at 12:33 PM, samuel bonill wrote: is there an example of API Rest authentication based in private/public key with web2py?? i don't want use username and password tokens for each request -- Resources: - http://web2py.com - http://web2py.com/book (Documentation) - http://github.com/web2py/web2py (Source code) - https://code.google.com/p/web2py/issues/list (Report Issues) --- You received this message because you are subscribed to the Google Groups web2py-users group. To unsubscribe from this group and stop receiving emails from it, send an email to web2py+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout. -- Resources: - http://web2py.com - http://web2py.com/book (Documentation) - http://github.com/web2py/web2py (Source code) - https://code.google.com/p/web2py/issues/list (Report Issues) --- You received this message because you are subscribed to a topic in the Google Groups web2py-users group. To unsubscribe from this topic, visit https://groups.google.com/d/to pic/web2py/lXfe0tpGi8U/unsubscribe. To unsubscribe from this group and all its topics, send an email to web2py+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout. -- Resources: - http://web2py.com - http://web2py.com/book (Documentation) - http://github.com/web2py/web2py (Source code) - https://code.google.com/p/web2py/issues/list (Report Issues) --- You received this message because you are subscribed to a topic in the Google Groups web2py-users group. To unsubscribe from this topic, visit https://groups.google.com/d/ topic/web2py/lXfe0tpGi8U/unsubscribe. To unsubscribe from this group and all its topics, send an email to web2py+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout. -- Resources: - http://web2py.com - http://web2py.com/book (Documentation) - http://github.com/web2py/web2py (Source code) - https://code.google.com/p/web2py/issues/list (Report Issues) --- You received this message because you are subscribed to a topic in the Google Groups web2py-users group. To unsubscribe from this topic, visit https://groups.google.com/d/topic/web2py/lXfe0tpGi8U/unsubscribe. To unsubscribe from this group and all its topics, send an email to web2py+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout. -- Resources: - http://web2py.com - http://web2py.com/book (Documentation) - http://github.com/web2py/web2py (Source code) - https://code.google.com/p/web2py/issues/list (Report Issues) --- You received this message because you are subscribed to the Google Groups web2py-users group. To unsubscribe from this group and stop receiving emails from it, send an email to web2py+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [web2py] API Rest authenticatio
thanks Marks, i'm using phonegap(android, iOS) as my client and angularjs consume the API Rest. x509 its grate but, work x509 on app engine ?, or what do you think about use Oauth 2.0 http://oauth.net/2/ ? 2014-04-25 21:41 GMT-05:00 Samuel Marks samuelma...@gmail.com: Sure, take a look at x509 at http://web2py.com/books/default/chapter/29/09/access-control Samuel Marks http://linkedin.com/in/samuelmarks On Sat, Apr 26, 2014 at 12:33 PM, samuel bonill pythonn...@gmail.comwrote: is there an example of API Rest authentication based in private/public key with web2py?? i don't want use username and password tokens for each request -- Resources: - http://web2py.com - http://web2py.com/book (Documentation) - http://github.com/web2py/web2py (Source code) - https://code.google.com/p/web2py/issues/list (Report Issues) --- You received this message because you are subscribed to the Google Groups web2py-users group. To unsubscribe from this group and stop receiving emails from it, send an email to web2py+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout. -- Resources: - http://web2py.com - http://web2py.com/book (Documentation) - http://github.com/web2py/web2py (Source code) - https://code.google.com/p/web2py/issues/list (Report Issues) --- You received this message because you are subscribed to a topic in the Google Groups web2py-users group. To unsubscribe from this topic, visit https://groups.google.com/d/topic/web2py/lXfe0tpGi8U/unsubscribe. To unsubscribe from this group and all its topics, send an email to web2py+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout. -- Resources: - http://web2py.com - http://web2py.com/book (Documentation) - http://github.com/web2py/web2py (Source code) - https://code.google.com/p/web2py/issues/list (Report Issues) --- You received this message because you are subscribed to the Google Groups web2py-users group. To unsubscribe from this group and stop receiving emails from it, send an email to web2py+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [web2py] API Rest authenticatio
I'm a big RFC6749 fan Quite simple; and you can implement your own custom grant for e.g.: higher security using x509 certificates. Samuel Marks http://linkedin.com/in/samuelmarks On 27/04/2014 12:05 am, samuel bonill pythonn...@gmail.com wrote: thanks Marks, i'm using phonegap(android, iOS) as my client and angularjs consume the API Rest. x509 its grate but, work x509 on app engine ?, or what do you think about use Oauth 2.0 http://oauth.net/2/ ? 2014-04-25 21:41 GMT-05:00 Samuel Marks samuelma...@gmail.com: Sure, take a look at x509 at http://web2py.com/books/default/chapter/29/09/access-control Samuel Marks http://linkedin.com/in/samuelmarks On Sat, Apr 26, 2014 at 12:33 PM, samuel bonill pythonn...@gmail.comwrote: is there an example of API Rest authentication based in private/public key with web2py?? i don't want use username and password tokens for each request -- Resources: - http://web2py.com - http://web2py.com/book (Documentation) - http://github.com/web2py/web2py (Source code) - https://code.google.com/p/web2py/issues/list (Report Issues) --- You received this message because you are subscribed to the Google Groups web2py-users group. To unsubscribe from this group and stop receiving emails from it, send an email to web2py+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout. -- Resources: - http://web2py.com - http://web2py.com/book (Documentation) - http://github.com/web2py/web2py (Source code) - https://code.google.com/p/web2py/issues/list (Report Issues) --- You received this message because you are subscribed to a topic in the Google Groups web2py-users group. To unsubscribe from this topic, visit https://groups.google.com/d/topic/web2py/lXfe0tpGi8U/unsubscribe. To unsubscribe from this group and all its topics, send an email to web2py+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout. -- Resources: - http://web2py.com - http://web2py.com/book (Documentation) - http://github.com/web2py/web2py (Source code) - https://code.google.com/p/web2py/issues/list (Report Issues) --- You received this message because you are subscribed to the Google Groups web2py-users group. To unsubscribe from this group and stop receiving emails from it, send an email to web2py+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout. -- Resources: - http://web2py.com - http://web2py.com/book (Documentation) - http://github.com/web2py/web2py (Source code) - https://code.google.com/p/web2py/issues/list (Report Issues) --- You received this message because you are subscribed to the Google Groups web2py-users group. To unsubscribe from this group and stop receiving emails from it, send an email to web2py+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [web2py] API Rest authenticatio
i have an oauth implementation that i used on app engine. i can try and clean it up a touch and share it if you would like. cfh On Saturday, April 26, 2014 7:05:55 AM UTC-7, samuel bonill wrote: thanks Marks, i'm using phonegap(android, iOS) as my client and angularjs consume the API Rest. x509 its grate but, work x509 on app engine ?, or what do you think about use Oauth 2.0 http://oauth.net/2/ ? 2014-04-25 21:41 GMT-05:00 Samuel Marks samuelma...@gmail.com: Sure, take a look at x509 at http://web2py.com/books/default/chapter/29/09/access-control Samuel Marks http://linkedin.com/in/samuelmarks On Sat, Apr 26, 2014 at 12:33 PM, samuel bonill pythonn...@gmail.comwrote: is there an example of API Rest authentication based in private/public key with web2py?? i don't want use username and password tokens for each request -- Resources: - http://web2py.com - http://web2py.com/book (Documentation) - http://github.com/web2py/web2py (Source code) - https://code.google.com/p/web2py/issues/list (Report Issues) --- You received this message because you are subscribed to the Google Groups web2py-users group. To unsubscribe from this group and stop receiving emails from it, send an email to web2py+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout. -- Resources: - http://web2py.com - http://web2py.com/book (Documentation) - http://github.com/web2py/web2py (Source code) - https://code.google.com/p/web2py/issues/list (Report Issues) --- You received this message because you are subscribed to a topic in the Google Groups web2py-users group. To unsubscribe from this topic, visit https://groups.google.com/d/topic/web2py/lXfe0tpGi8U/unsubscribe. To unsubscribe from this group and all its topics, send an email to web2py+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout. -- Resources: - http://web2py.com - http://web2py.com/book (Documentation) - http://github.com/web2py/web2py (Source code) - https://code.google.com/p/web2py/issues/list (Report Issues) --- You received this message because you are subscribed to the Google Groups web2py-users group. To unsubscribe from this group and stop receiving emails from it, send an email to web2py+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [web2py] API Rest authenticatio
Yes Christian, I'd like take a look... 2014-04-26 17:24 GMT-05:00 Christian Foster Howes cfho...@gmail.com: i have an oauth implementation that i used on app engine. i can try and clean it up a touch and share it if you would like. cfh On Saturday, April 26, 2014 7:05:55 AM UTC-7, samuel bonill wrote: thanks Marks, i'm using phonegap(android, iOS) as my client and angularjs consume the API Rest. x509 its grate but, work x509 on app engine ?, or what do you think about use Oauth 2.0 http://oauth.net/2/ ? 2014-04-25 21:41 GMT-05:00 Samuel Marks samuelma...@gmail.com: Sure, take a look at x509 at http://web2py.com/books/ default/chapter/29/09/access-control Samuel Marks http://linkedin.com/in/samuelmarks On Sat, Apr 26, 2014 at 12:33 PM, samuel bonill pythonn...@gmail.comwrote: is there an example of API Rest authentication based in private/public key with web2py?? i don't want use username and password tokens for each request -- Resources: - http://web2py.com - http://web2py.com/book (Documentation) - http://github.com/web2py/web2py (Source code) - https://code.google.com/p/web2py/issues/list (Report Issues) --- You received this message because you are subscribed to the Google Groups web2py-users group. To unsubscribe from this group and stop receiving emails from it, send an email to web2py+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout. -- Resources: - http://web2py.com - http://web2py.com/book (Documentation) - http://github.com/web2py/web2py (Source code) - https://code.google.com/p/web2py/issues/list (Report Issues) --- You received this message because you are subscribed to a topic in the Google Groups web2py-users group. To unsubscribe from this topic, visit https://groups.google.com/d/ topic/web2py/lXfe0tpGi8U/unsubscribe. To unsubscribe from this group and all its topics, send an email to web2py+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout. -- Resources: - http://web2py.com - http://web2py.com/book (Documentation) - http://github.com/web2py/web2py (Source code) - https://code.google.com/p/web2py/issues/list (Report Issues) --- You received this message because you are subscribed to a topic in the Google Groups web2py-users group. To unsubscribe from this topic, visit https://groups.google.com/d/topic/web2py/lXfe0tpGi8U/unsubscribe. To unsubscribe from this group and all its topics, send an email to web2py+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout. -- Resources: - http://web2py.com - http://web2py.com/book (Documentation) - http://github.com/web2py/web2py (Source code) - https://code.google.com/p/web2py/issues/list (Report Issues) --- You received this message because you are subscribed to the Google Groups web2py-users group. To unsubscribe from this group and stop receiving emails from it, send an email to web2py+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[web2py] API Rest authenticatio
is there an example of API Rest authentication based in private/public key with web2py?? i don't want use username and password tokens for each request -- Resources: - http://web2py.com - http://web2py.com/book (Documentation) - http://github.com/web2py/web2py (Source code) - https://code.google.com/p/web2py/issues/list (Report Issues) --- You received this message because you are subscribed to the Google Groups web2py-users group. To unsubscribe from this group and stop receiving emails from it, send an email to web2py+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [web2py] API Rest authenticatio
Sure, take a look at x509 at http://web2py.com/books/default/chapter/29/09/access-control Samuel Marks http://linkedin.com/in/samuelmarks On Sat, Apr 26, 2014 at 12:33 PM, samuel bonill pythonn...@gmail.comwrote: is there an example of API Rest authentication based in private/public key with web2py?? i don't want use username and password tokens for each request -- Resources: - http://web2py.com - http://web2py.com/book (Documentation) - http://github.com/web2py/web2py (Source code) - https://code.google.com/p/web2py/issues/list (Report Issues) --- You received this message because you are subscribed to the Google Groups web2py-users group. To unsubscribe from this group and stop receiving emails from it, send an email to web2py+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout. -- Resources: - http://web2py.com - http://web2py.com/book (Documentation) - http://github.com/web2py/web2py (Source code) - https://code.google.com/p/web2py/issues/list (Report Issues) --- You received this message because you are subscribed to the Google Groups web2py-users group. To unsubscribe from this group and stop receiving emails from it, send an email to web2py+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.