Re: [web2py] Restful authentication and CORS

[Christian Foster Howes]

Albert,

when we built our oauth implementation we build it ourselves on top of 
the python oauth2 lib.  it's been a while since we built it so i can't 
remember if that web2py-oauth2 lib had not been written yet.  we also 
are doing a slightly modified form of auth with our users - they start 
as "anonymous" users but still have access tokens, later they register 
or login with a 3rd party oauth provider and then we are just an oauth 
client.


if that sounds at all like what you are doing maybe i can distill some 
of what we had into a format that i can share.'


christian

On 08/05/2014 05:57 AM, Albert Abril wrote:

Hi Christian,

I'm trying to set up my app as a oauth2 provider too,
did you use https://github.com/SamuelMarks/web2py-oauth2 , or another
source? do you have any tutorials or documentation about it? I'll
appreciate it so much.

Cheers,
Albert.


On 29 May 2013 00:21, Christian Foster Howes  wrote:


i have configured my system to be an oauth provider and added a decorator
to all RESTful calls to validate the oauth signature.  yes, i do this on
each request that i require authentication for.


On Tuesday, May 28, 2013 6:01:11 AM UTC-7, Ruben D. Orduz wrote:


Yes, most REST patterns I've seen are handled either by http basic auth
or else request signing. Either option requires handling that on each call.


On Tue, May 28, 2013 at 4:54 AM, Michele Comitini 
wrote:


  REST is stateless so you should not rely on session, hence you can use

auth.settings.allow_basic_login = True

see here
http://web2py.com/books/default/chapter/29/10#Access-Control

for proper (as per RFC) authentication challenge with realm use:

@auth.basich(basic_auth_real=)

An alternative is to pass an argument or a parameter with authencation
info and use
auth.login_bare

Anyway you must pass authentication info with each call since being the
service stateless the server has no way to recognize the client.

mic


2013/5/27 Ray (a.k.a. Iceberg) 


Hi Alec,

On Tuesday, July 17, 2012 1:03:04 AM UTC+8, Alec Taylor wrote:


On Tue, Jul 17, 2012 at 2:20 AM, David Marko 
wrote:

+1 from me having this. Btw. On client side i'm using AngularJS and

Trigger.io (instead of PhoneGap)

I've been looking around, and will have one of the following setups:

- *AngularJS * with *BarristerRPC
*
- *BackboneJS * with *Backbone.Rpc
*
- *JQuery mobile*  with *jquery-jsonrpc*
 (or plain
JSON.stringify)

All within a *PhoneGap * (*Apache Cordova
*) app using the* Facebook
connect plugin
*
for authentication (for graceful downgrade from Facebook mobile app
 to Facebook website auth
).

I should have a PoC 
on August 2 with a full backend written in web2py and two frontends (one in
web2py views; the other in one of the above frameworks).

Subsequently I'll release it under a full open-source license onto
Bitbucket. I'll post to the web2py list with link + slides when the repo is
live



Sorry for late response. I am a web2py veteran who dives into restful
world only recently. Do you have any finding to share about the restful
authentication in web2py? Thanks in advance!

Regards,
Ray

--

---
You received this message because you are subscribed to the Google
Groups "web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send
an email to web2py+un...@googlegroups.com.

For more options, visit https://groups.google.com/groups/opt_out.





  --

---
You received this message because you are subscribed to a topic in the
Google Groups "web2py-users" group.
To unsubscribe from this topic, visit https://groups.google.com/d/
topic/web2py/FyxbO0WGMhU/unsubscribe?hl=en.
  To unsubscribe from this group and all its topics, send an email to
web2py+un...@googlegroups.com.

For more options, visit https://groups.google.com/groups/opt_out.





  --


---
You received this message because you are subscribed to the Google Groups
"web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an
email to web2py+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.







--
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
--- 
You received this message because you are subscribed to the Google Groups "web2py-users" group.

To unsubscribe from this group and stop receiving emails from it, send an email 
to web2py+unsubscr...@googlegroups.com.
For more options, visit https://group

Re: [web2py] Restful authentication and CORS

[Albert Abril]

Hi Christian,

I'm trying to set up my app as a oauth2 provider too,
did you use https://github.com/SamuelMarks/web2py-oauth2 , or another
source? do you have any tutorials or documentation about it? I'll
appreciate it so much.

Cheers,
Albert.


On 29 May 2013 00:21, Christian Foster Howes  wrote:

> i have configured my system to be an oauth provider and added a decorator
> to all RESTful calls to validate the oauth signature.  yes, i do this on
> each request that i require authentication for.
>
>
> On Tuesday, May 28, 2013 6:01:11 AM UTC-7, Ruben D. Orduz wrote:
>
>> Yes, most REST patterns I've seen are handled either by http basic auth
>> or else request signing. Either option requires handling that on each call.
>>
>>
>> On Tue, May 28, 2013 at 4:54 AM, Michele Comitini 
>> wrote:
>>
>>>  REST is stateless so you should not rely on session, hence you can use
>>>
>>> auth.settings.allow_basic_login = True
>>>
>>> see here
>>> http://web2py.com/books/default/chapter/29/10#Access-Control
>>>
>>> for proper (as per RFC) authentication challenge with realm use:
>>>
>>> @auth.basich(basic_auth_real=)
>>>
>>> An alternative is to pass an argument or a parameter with authencation
>>> info and use
>>> auth.login_bare
>>>
>>> Anyway you must pass authentication info with each call since being the
>>> service stateless the server has no way to recognize the client.
>>>
>>> mic
>>>
>>>
>>> 2013/5/27 Ray (a.k.a. Iceberg) 
>>>
 Hi Alec,

 On Tuesday, July 17, 2012 1:03:04 AM UTC+8, Alec Taylor wrote:
>
> On Tue, Jul 17, 2012 at 2:20 AM, David Marko 
> wrote:
> > +1 from me having this. Btw. On client side i'm using AngularJS and
> Trigger.io (instead of PhoneGap)
>
> I've been looking around, and will have one of the following setups:
>
>- *AngularJS * with *BarristerRPC
>*
>- *BackboneJS * with *Backbone.Rpc
>*
>- *JQuery mobile*  with *jquery-jsonrpc*
> (or plain
>JSON.stringify)
>
> All within a *PhoneGap * (*Apache Cordova
> *) app using the* Facebook
> connect plugin
> *
> for authentication (for graceful downgrade from Facebook mobile app
>  to Facebook website auth
> ).
>
> I should have a PoC 
> on August 2 with a full backend written in web2py and two frontends (one 
> in
> web2py views; the other in one of the above frameworks).
>
> Subsequently I'll release it under a full open-source license onto
> Bitbucket. I'll post to the web2py list with link + slides when the repo 
> is
> live
>

 Sorry for late response. I am a web2py veteran who dives into restful
 world only recently. Do you have any finding to share about the restful
 authentication in web2py? Thanks in advance!

 Regards,
 Ray

 --

 ---
 You received this message because you are subscribed to the Google
 Groups "web2py-users" group.
 To unsubscribe from this group and stop receiving emails from it, send
 an email to web2py+un...@googlegroups.com.

 For more options, visit https://groups.google.com/groups/opt_out.



>>>
>>>  --
>>>
>>> ---
>>> You received this message because you are subscribed to a topic in the
>>> Google Groups "web2py-users" group.
>>> To unsubscribe from this topic, visit https://groups.google.com/d/
>>> topic/web2py/FyxbO0WGMhU/unsubscribe?hl=en.
>>>  To unsubscribe from this group and all its topics, send an email to
>>> web2py+un...@googlegroups.com.
>>>
>>> For more options, visit https://groups.google.com/groups/opt_out.
>>>
>>>
>>>
>>
>>  --
>
> ---
> You received this message because you are subscribed to the Google Groups
> "web2py-users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to web2py+unsubscr...@googlegroups.com.
> For more options, visit https://groups.google.com/groups/opt_out.
>
>
>

-- 
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
--- 
You received this message because you are subscribed to the Google Groups 
"web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to web2py+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [web2py] Restful authentication and CORS

[Christian Foster Howes]

i have configured my system to be an oauth provider and added a decorator 
to all RESTful calls to validate the oauth signature.  yes, i do this on 
each request that i require authentication for.

On Tuesday, May 28, 2013 6:01:11 AM UTC-7, Ruben D. Orduz wrote:
>
> Yes, most REST patterns I've seen are handled either by http basic auth or 
> else request signing. Either option requires handling that on each call.
>
>
> On Tue, May 28, 2013 at 4:54 AM, Michele Comitini 
> 
> > wrote:
>
>> REST is stateless so you should not rely on session, hence you can use 
>>
>> auth.settings.allow_basic_login = True
>>
>> see here
>> http://web2py.com/books/default/chapter/29/10#Access-Control
>>
>> for proper (as per RFC) authentication challenge with realm use:
>>
>> @auth.basich(basic_auth_real=)
>>
>> An alternative is to pass an argument or a parameter with authencation 
>> info and use
>> auth.login_bare
>>
>> Anyway you must pass authentication info with each call since being the 
>> service stateless the server has no way to recognize the client.
>>
>> mic
>>
>>
>> 2013/5/27 Ray (a.k.a. Iceberg) >
>>
>>> Hi Alec,
>>>
>>> On Tuesday, July 17, 2012 1:03:04 AM UTC+8, Alec Taylor wrote:

 On Tue, Jul 17, 2012 at 2:20 AM, David Marko  wrote:
 > +1 from me having this. Btw. On client side i'm using AngularJS and 
 Trigger.io (instead of PhoneGap)

 I've been looking around, and will have one of the following setups:

- *AngularJS * with 
 *BarristerRPC
* 
- *BackboneJS * with 
 *Backbone.Rpc
*
- *JQuery mobile*  with 
 *jquery-jsonrpc*(or plain 
 JSON.stringify)

 All within a *PhoneGap * (*Apache 
 Cordova
 *) app using the* Facebook connect 
 plugin
 * for authentication (for graceful downgrade from Facebook mobile 
 appto Facebook 
 website auth ).

 I should have a PoC  on 
 August 2 with a full backend written in web2py and two frontends (one in 
 web2py views; the other in one of the above frameworks).

 Subsequently I'll release it under a full open-source license onto 
 Bitbucket. I'll post to the web2py list with link + slides when the repo 
 is 
 live 

>>>
>>> Sorry for late response. I am a web2py veteran who dives into restful 
>>> world only recently. Do you have any finding to share about the restful 
>>> authentication in web2py? Thanks in advance!
>>>
>>> Regards,
>>> Ray
>>>  
>>> -- 
>>>  
>>> --- 
>>> You received this message because you are subscribed to the Google 
>>> Groups "web2py-users" group.
>>> To unsubscribe from this group and stop receiving emails from it, send 
>>> an email to web2py+un...@googlegroups.com .
>>>
>>> For more options, visit https://groups.google.com/groups/opt_out.
>>>  
>>>  
>>>
>>
>>  -- 
>>  
>> --- 
>> You received this message because you are subscribed to a topic in the 
>> Google Groups "web2py-users" group.
>> To unsubscribe from this topic, visit 
>> https://groups.google.com/d/topic/web2py/FyxbO0WGMhU/unsubscribe?hl=en.
>> To unsubscribe from this group and all its topics, send an email to 
>> web2py+un...@googlegroups.com .
>> For more options, visit https://groups.google.com/groups/opt_out.
>>  
>>  
>>
>
>

-- 

--- 
You received this message because you are subscribed to the Google Groups 
"web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to web2py+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [web2py] Restful authentication and CORS

[Ruben D. Orduz]

Yes, most REST patterns I've seen are handled either by http basic auth or
else request signing. Either option requires handling that on each call.


On Tue, May 28, 2013 at 4:54 AM, Michele Comitini <
michele.comit...@gmail.com> wrote:

> REST is stateless so you should not rely on session, hence you can use
>
> auth.settings.allow_basic_login = True
>
> see here
> http://web2py.com/books/default/chapter/29/10#Access-Control
>
> for proper (as per RFC) authentication challenge with realm use:
>
> @auth.basich(basic_auth_real=)
>
> An alternative is to pass an argument or a parameter with authencation
> info and use
> auth.login_bare
>
> Anyway you must pass authentication info with each call since being the
> service stateless the server has no way to recognize the client.
>
> mic
>
>
> 2013/5/27 Ray (a.k.a. Iceberg) 
>
>> Hi Alec,
>>
>> On Tuesday, July 17, 2012 1:03:04 AM UTC+8, Alec Taylor wrote:
>>>
>>> On Tue, Jul 17, 2012 at 2:20 AM, David Marko  wrote:
>>> > +1 from me having this. Btw. On client side i'm using AngularJS and
>>> Trigger.io (instead of PhoneGap)
>>>
>>> I've been looking around, and will have one of the following setups:
>>>
>>>- *AngularJS * with 
>>> *BarristerRPC
>>>*
>>>- *BackboneJS * with 
>>> *Backbone.Rpc
>>>*
>>>- *JQuery mobile*  with 
>>> *jquery-jsonrpc*(or plain 
>>> JSON.stringify)
>>>
>>> All within a *PhoneGap * (*Apache 
>>> Cordova
>>> *) app using the* Facebook connect 
>>> plugin
>>> * for authentication (for graceful downgrade from Facebook mobile 
>>> appto Facebook
>>> website auth ).
>>>
>>> I should have a PoC  on
>>> August 2 with a full backend written in web2py and two frontends (one in
>>> web2py views; the other in one of the above frameworks).
>>>
>>> Subsequently I'll release it under a full open-source license onto
>>> Bitbucket. I'll post to the web2py list with link + slides when the repo is
>>> live
>>>
>>
>> Sorry for late response. I am a web2py veteran who dives into restful
>> world only recently. Do you have any finding to share about the restful
>> authentication in web2py? Thanks in advance!
>>
>> Regards,
>> Ray
>>
>> --
>>
>> ---
>> You received this message because you are subscribed to the Google Groups
>> "web2py-users" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to web2py+unsubscr...@googlegroups.com.
>>
>> For more options, visit https://groups.google.com/groups/opt_out.
>>
>>
>>
>
>  --
>
> ---
> You received this message because you are subscribed to a topic in the
> Google Groups "web2py-users" group.
> To unsubscribe from this topic, visit
> https://groups.google.com/d/topic/web2py/FyxbO0WGMhU/unsubscribe?hl=en.
> To unsubscribe from this group and all its topics, send an email to
> web2py+unsubscr...@googlegroups.com.
> For more options, visit https://groups.google.com/groups/opt_out.
>
>
>

-- 

--- 
You received this message because you are subscribed to the Google Groups 
"web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to web2py+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [web2py] Restful authentication and CORS

[Michele Comitini]

REST is stateless so you should not rely on session, hence you can use

auth.settings.allow_basic_login = True

see here
http://web2py.com/books/default/chapter/29/10#Access-Control

for proper (as per RFC) authentication challenge with realm use:

@auth.basich(basic_auth_real=)

An alternative is to pass an argument or a parameter with authencation info
and use
auth.login_bare

Anyway you must pass authentication info with each call since being the
service stateless the server has no way to recognize the client.

mic


2013/5/27 Ray (a.k.a. Iceberg) 

> Hi Alec,
>
> On Tuesday, July 17, 2012 1:03:04 AM UTC+8, Alec Taylor wrote:
>>
>> On Tue, Jul 17, 2012 at 2:20 AM, David Marko  wrote:
>> > +1 from me having this. Btw. On client side i'm using AngularJS and
>> Trigger.io (instead of PhoneGap)
>>
>> I've been looking around, and will have one of the following setups:
>>
>>- *AngularJS * with 
>> *BarristerRPC
>>*
>>- *BackboneJS * with 
>> *Backbone.Rpc
>>*
>>- *JQuery mobile*  with 
>> *jquery-jsonrpc*(or plain 
>> JSON.stringify)
>>
>> All within a *PhoneGap * (*Apache 
>> Cordova
>> *) app using the* Facebook connect 
>> plugin
>> * for authentication (for graceful downgrade from Facebook mobile 
>> appto Facebook
>> website auth ).
>>
>> I should have a PoC  on
>> August 2 with a full backend written in web2py and two frontends (one in
>> web2py views; the other in one of the above frameworks).
>>
>> Subsequently I'll release it under a full open-source license onto
>> Bitbucket. I'll post to the web2py list with link + slides when the repo is
>> live
>>
>
> Sorry for late response. I am a web2py veteran who dives into restful
> world only recently. Do you have any finding to share about the restful
> authentication in web2py? Thanks in advance!
>
> Regards,
> Ray
>
> --
>
> ---
> You received this message because you are subscribed to the Google Groups
> "web2py-users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to web2py+unsubscr...@googlegroups.com.
> For more options, visit https://groups.google.com/groups/opt_out.
>
>
>

-- 

--- 
You received this message because you are subscribed to the Google Groups 
"web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to web2py+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [web2py] Restful authentication and CORS

[Ray (a.k.a. Iceberg)]

Hi Alec,

On Tuesday, July 17, 2012 1:03:04 AM UTC+8, Alec Taylor wrote:
>
> On Tue, Jul 17, 2012 at 2:20 AM, David Marko > 
> wrote:
> > +1 from me having this. Btw. On client side i'm using AngularJS and 
> Trigger.io (instead of PhoneGap)
>
> I've been looking around, and will have one of the following setups:
>
>- *AngularJS * with 
> *BarristerRPC
>* 
>- *BackboneJS * with 
> *Backbone.Rpc
>*
>- *JQuery mobile*  with 
> *jquery-jsonrpc*(or plain 
> JSON.stringify)
>
> All within a *PhoneGap * (*Apache 
> Cordova
> *) app using the* Facebook connect 
> plugin
> * for authentication (for graceful downgrade from Facebook mobile 
> appto Facebook 
> website auth ).
>
> I should have a PoC  on 
> August 2 with a full backend written in web2py and two frontends (one in 
> web2py views; the other in one of the above frameworks).
>
> Subsequently I'll release it under a full open-source license onto 
> Bitbucket. I'll post to the web2py list with link + slides when the repo is 
> live 
>

Sorry for late response. I am a web2py veteran who dives into restful world 
only recently. Do you have any finding to share about the restful 
authentication in web2py? Thanks in advance!

Regards,
Ray

-- 

--- 
You received this message because you are subscribed to the Google Groups 
"web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to web2py+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [web2py] Restful authentication and CORS

[Alec Taylor]

On Tuesday, July 17, 2012 2:20:08 AM UTC+10, David Marko wrote:
>
> +1 from me having this. Btw. On client side i'm using AngularJS and 
> Trigger.io (instead of PhoneGap)


I've been looking around, and will have one of the following setups:

   - *AngularJS * with 
*BarristerRPC
   *
   - *BackboneJS * with 
*Backbone.Rpc
   *
   - *JQuery mobile*  with 
*jquery-jsonrpc*(or plain 
JSON.stringify)
   
All within a *PhoneGap * (*Apache 
Cordova
*) app using the* Facebook connect 
plugin
* for authentication (for graceful downgrade from Facebook mobile 
appto Facebook 
website auth ).

I should have a PoC  on 
August 2 with a full backend written in web2py and two frontends (one in 
web2py views; the other in one of the above frameworks).
Subsequently I'll release it under a full open-source license onto 
Bitbucket. I'll post to the web2py list with link + slides when the repo is 
live  

Re: [web2py] Restful authentication and CORS

[Alec Taylor]

On Tue, Jul 17, 2012 at 2:20 AM, David Marko  wrote:
> +1 from me having this. Btw. On client side i'm using AngularJS and
Trigger.io (instead of PhoneGap)

I've been looking around, and will have one of the following setups:

   - *AngularJS * with
*BarristerRPC
   *
   - *BackboneJS * with
*Backbone.Rpc
   *
   - *JQuery mobile*  with
*jquery-jsonrpc*(or plain
JSON.stringify)

All within a *PhoneGap * (*Apache
Cordova
*) app using the* Facebook connect
plugin
* for authentication (for graceful downgrade from Facebook mobile
appto Facebook
website auth ).

I should have a PoC  on
August 2 with a full backend written in web2py and two frontends (one in
web2py views; the other in one of the above frameworks).

Subsequently I'll release it under a full open-source license onto
Bitbucket. I'll post to the web2py list with link + slides when the repo is
live [?]
<<001.png>>

Re: [web2py] Restful authentication and CORS

[David Marko]

+1 from me having this. Btw. On client side i'm using AngularJS and Trigger.io 
(instead of PhoneGap)

Re: [web2py] Restful authentication and CORS

[Alec Taylor]

Hi rdodev,

I'm doing the exact same thing (well similar concept... using PhoneGap
and remote auth, but using JSONRPC and OAuth2 instead of REST and
regular auth)

Keep an eye on this issue: http://code.google.com/p/web2py/issues/detail?id=872

When the dev's get the time they'll be adding in digest auth support.

All the best,

Alec Taylor

On Tue, Jul 17, 2012 at 1:18 AM, rdodev  wrote:
> I'm developing a web2py app that will be used as the back-end for a mobile
> app. The mobile app will be making API calls to the service for anything
> ranging from login/authentication to CRUD operations. The auth model that
> comes baked into web2py would suffice, except that it's not RESTful and it's
> mostly geared to work with a web browser (sessions, cookies, etc.). Is there
> a way to set the auth module to behave RESTfully?
>
> Another issue is that some of the mobile clients might be running on a
> webView (phoneGap) and thus issuing requests to out back end would result in
> a same-origin policy denial. Is there a way to setup CORS in web2py (or
> should we set that up through apache/wsgi instead?)
>
> Thanks.