[web2py] Re: How to restrict access to a public webservice using a key?
everything in auth has underlying defaults to have an entity (usually, the
user) to authenticate. if it's not authenticated, then it's usually
redirected to the login page. see auth.requires signature in deep if you
want to use it as a standard "block this if this condition isn't met"
style-decorator.
On Thursday, September 29, 2016 at 3:28:05 PM UTC+2, Lisandro wrote:
>
> Thanks Niphlod, nice and clean solution.
> I was trying to just that, but I was trying to validate that token using
> the decorator @auth.requires(lambda: validate_token()) for the call()
> method, but it always returned a 303 code. I also tried with a custom
> decorator, with no luck.
> Anyway, your suggested solution is more than enough for me, so I'll
> proceed with that.
>
> Thank you both for your time!
>
> Best regards,
> Lisandro.
>
> El miércoles, 28 de septiembre de 2016, 18:42:04 (UTC-3), Niphlod escribió:
>>
>> jwt is the emerging standard for apis and such, but if the usage is
>> all-internal, why don't you just start simple and do
>>
>>
>> if request.vars.token not in ('xa', 'bbxb', 'cc'):
>> raise HTTP(403)
>>
>> ?
>>
>> On Wednesday, September 28, 2016 at 2:15:19 PM UTC+2, Marlysson Silva
>> wrote:
>>>
>>> This is what you need:
>>>
>>> http://web2py.readthedocs.io/en/latest/tools.html#gluon.tools.Auth.jwt
>>>
>>> Json Web Token , communications to services "rest" .. I think that
>>> facilitates your work
>>>
>>> Em quarta-feira, 28 de setembro de 2016 08:57:59 UTC-3, Lisandro
>>> escreveu:
Hi there!
I have a web2py app that implements a JSON-RPC public webservice, over
HTTPS.
It's public as it doesn't require user and password to authenticate.
However, the webservice is only consumed by a set of other applications
that I manage.
So I would like those apps to use a key in order to connect to the
webservice.
I'm trying to do such thing with a custom decorator, but I can't make
it work.
This is what I have:
from gluon.tools import Service
service = Service()
def validate_key():
return True
@auth.requires(lambda: validate_key())
def call():
session.forget()
return service()
@service.jsonrpc
def test():
return 'test ok'
But when I try to connect to the webservice, I receive this error:
ProtocolError: >>> OTHER>
I'm not sure if what I'm tying to do is possible in that way.
I know that I can apply the @auth.requires_login() decorator to the
call() method, but that would force me to create users for every app using
the webservice, and that's not wat I want. I would like to simply generate
a key for every app that needs to use the webservice, and then ask the
applications to use that key (either in the call to connect to the
webservice, or in every call to any method of the webservice).
What would be the correct approach?
Thanks in advance.
Regards,
Lisandro.
>>>
--
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
---
You received this message because you are subscribed to the Google Groups
"web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to web2py+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
[web2py] Re: How to restrict access to a public webservice using a key?
Thanks Niphlod, nice and clean solution.
I was trying to just that, but I was trying to validate that token using
the decorator @auth.requires(lambda: validate_token()) for the call()
method, but it always returned a 303 code. I also tried with a custom
decorator, with no luck.
Anyway, your suggested solution is more than enough for me, so I'll proceed
with that.
Thank you both for your time!
Best regards,
Lisandro.
El miércoles, 28 de septiembre de 2016, 18:42:04 (UTC-3), Niphlod escribió:
>
> jwt is the emerging standard for apis and such, but if the usage is
> all-internal, why don't you just start simple and do
>
>
> if request.vars.token not in ('xa', 'bbxb', 'cc'):
> raise HTTP(403)
>
> ?
>
> On Wednesday, September 28, 2016 at 2:15:19 PM UTC+2, Marlysson Silva
> wrote:
>>
>> This is what you need:
>>
>> http://web2py.readthedocs.io/en/latest/tools.html#gluon.tools.Auth.jwt
>>
>> Json Web Token , communications to services "rest" .. I think that
>> facilitates your work
>>
>> Em quarta-feira, 28 de setembro de 2016 08:57:59 UTC-3, Lisandro escreveu:
>>>
>>> Hi there!
>>> I have a web2py app that implements a JSON-RPC public webservice, over
>>> HTTPS.
>>> It's public as it doesn't require user and password to authenticate.
>>>
>>> However, the webservice is only consumed by a set of other applications
>>> that I manage.
>>> So I would like those apps to use a key in order to connect to the
>>> webservice.
>>> I'm trying to do such thing with a custom decorator, but I can't make it
>>> work.
>>>
>>> This is what I have:
>>>
>>> from gluon.tools import Service
>>>
>>>
>>> service = Service()
>>>
>>>
>>> def validate_key():
>>> return True
>>>
>>>
>>> @auth.requires(lambda: validate_key())
>>> def call():
>>> session.forget()
>>> return service()
>>>
>>>
>>> @service.jsonrpc
>>> def test():
>>> return 'test ok'
>>>
>>>
>>>
>>> But when I try to connect to the webservice, I receive this error:
>>>
>>> ProtocolError:
>>>
>>>
>>> I'm not sure if what I'm tying to do is possible in that way.
>>> I know that I can apply the @auth.requires_login() decorator to the
>>> call() method, but that would force me to create users for every app using
>>> the webservice, and that's not wat I want. I would like to simply generate
>>> a key for every app that needs to use the webservice, and then ask the
>>> applications to use that key (either in the call to connect to the
>>> webservice, or in every call to any method of the webservice).
>>>
>>> What would be the correct approach?
>>> Thanks in advance.
>>> Regards,
>>> Lisandro.
>>>
>>
--
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
---
You received this message because you are subscribed to the Google Groups
"web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to web2py+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
[web2py] Re: How to restrict access to a public webservice using a key?
jwt is the emerging standard for apis and such, but if the usage is
all-internal, why don't you just start simple and do
if request.vars.token not in ('xa', 'bbxb', 'cc'):
raise HTTP(403)
?
On Wednesday, September 28, 2016 at 2:15:19 PM UTC+2, Marlysson Silva wrote:
>
> This is what you need:
>
> http://web2py.readthedocs.io/en/latest/tools.html#gluon.tools.Auth.jwt
>
> Json Web Token , communications to services "rest" .. I think that
> facilitates your work
>
> Em quarta-feira, 28 de setembro de 2016 08:57:59 UTC-3, Lisandro escreveu:
>>
>> Hi there!
>> I have a web2py app that implements a JSON-RPC public webservice, over
>> HTTPS.
>> It's public as it doesn't require user and password to authenticate.
>>
>> However, the webservice is only consumed by a set of other applications
>> that I manage.
>> So I would like those apps to use a key in order to connect to the
>> webservice.
>> I'm trying to do such thing with a custom decorator, but I can't make it
>> work.
>>
>> This is what I have:
>>
>> from gluon.tools import Service
>>
>>
>> service = Service()
>>
>>
>> def validate_key():
>> return True
>>
>>
>> @auth.requires(lambda: validate_key())
>> def call():
>> session.forget()
>> return service()
>>
>>
>> @service.jsonrpc
>> def test():
>> return 'test ok'
>>
>>
>>
>> But when I try to connect to the webservice, I receive this error:
>>
>> ProtocolError:
>>
>>
>> I'm not sure if what I'm tying to do is possible in that way.
>> I know that I can apply the @auth.requires_login() decorator to the
>> call() method, but that would force me to create users for every app using
>> the webservice, and that's not wat I want. I would like to simply generate
>> a key for every app that needs to use the webservice, and then ask the
>> applications to use that key (either in the call to connect to the
>> webservice, or in every call to any method of the webservice).
>>
>> What would be the correct approach?
>> Thanks in advance.
>> Regards,
>> Lisandro.
>>
>
--
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
---
You received this message because you are subscribed to the Google Groups
"web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to web2py+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
[web2py] Re: How to restrict access to a public webservice using a key?
This is what you need: http://web2py.readthedocs.io/en/latest/tools.html#gluon.tools.Auth.jwt Json Web Token , communications to services "rest" .. I think that facilitates your work Em quarta-feira, 28 de setembro de 2016 08:57:59 UTC-3, Lisandro escreveu: > > Hi there! > I have a web2py app that implements a JSON-RPC public webservice, over > HTTPS. > It's public as it doesn't require user and password to authenticate. > > However, the webservice is only consumed by a set of other applications > that I manage. > So I would like those apps to use a key in order to connect to the > webservice. > I'm trying to do such thing with a custom decorator, but I can't make it > work. > > This is what I have: > > from gluon.tools import Service > > > service = Service() > > > def validate_key(): > return True > > > @auth.requires(lambda: validate_key()) > def call(): > session.forget() > return service() > > > @service.jsonrpc > def test(): > return 'test ok' > > > > But when I try to connect to the webservice, I receive this error: > > ProtocolError: > > > I'm not sure if what I'm tying to do is possible in that way. > I know that I can apply the @auth.requires_login() decorator to the call() > method, but that would force me to create users for every app using the > webservice, and that's not wat I want. I would like to simply generate a > key for every app that needs to use the webservice, and then ask the > applications to use that key (either in the call to connect to the > webservice, or in every call to any method of the webservice). > > What would be the correct approach? > Thanks in advance. > Regards, > Lisandro. > -- Resources: - http://web2py.com - http://web2py.com/book (Documentation) - http://github.com/web2py/web2py (Source code) - https://code.google.com/p/web2py/issues/list (Report Issues) --- You received this message because you are subscribed to the Google Groups "web2py-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to web2py+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
