On Monday, September 14, 2015 at 3:35:20 PM UTC-7, Luis Valladares wrote:
>
> Since I made the post I found some interesting articles, and now I have a 
> better implementation idea, but I'm still looking for a solution on one 
> subject. Here is what I have now:
>
> I will handle the authentication of my applications using the Amazon 
> approach (
> http://www.thebuzzmedia.com/designing-a-secure-rest-api-without-oauth-authentication/)
>  
> and the user authentication using CAS in order to centralize all the 
> services' auth providers, but I'm still searching for a way to handle the 
> authorization for users. I read about Spring Security but I didn't see any 
> implementation in Python or web2py.
>
> Again, thanks for any help!
>

Perhaps Niphlod's JWT implementation would work for you, too.

Quoting his example again:


> As per the "original" demand of covering one-time-issued tokens, the "jti" 
> claim is the standard, and can be easily implemented, imagining that valid 
> tokens are stored in a database table:
>
> # web2py model code: db, request, auth, Field and HTTP are web2py globals.
> db.define_table('jwt_tokens',
>                 Field('token'),
>                 Field('user_id'),
>                 Field('inserted_on', 'datetime', default=request.now))
>
> def myadditional_payload(payload):
>     # Attach the user's most recently issued token as the "jti" claim.
>     res = db(db.jwt_tokens.user_id == payload['user']['id']).select(
>         orderby=~db.jwt_tokens.inserted_on).first()
>     if not res:
>         # No row means res is None; guard it instead of raising AttributeError.
>         raise HTTP(400, u'No JWT token issued for this user')
>     payload['jti'] = res.token
>     return payload
>
> def mybefore_authorization(tokend):
>     # Reject any token whose "jti" is not in the table for this user.
>     res = db(
>         (db.jwt_tokens.user_id == tokend['user']['id']) &
>         (db.jwt_tokens.token == tokend['jti'])
>     ).select().first()
>     if not res:
>         raise HTTP(400, u'Invalid JWT jti claim')
>
> myjwt = Web2pyJwt('secret', auth,
>                   # the original passed the undefined name additional_payload here
>                   additional_payload=myadditional_payload,
>                   before_authorization=mybefore_authorization)
>  


The list of features is in his post in the developer's forum.
<URL:https://groups.google.com/d/msg/web2py-developers/dXfUrHNI5Sg/gqNa3kXsCQAJ>

If you need some background on JWT, my reading list recently included
<URL:https://self-issued.info/docs/draft-ietf-oauth-json-web-token.html>
(that's the standard as of May; it's actually readable by users of 
standards as well as the writers, I think)

/dps
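As an added, self-contained illustration of the "jti" approach quoted above (this is not code from the thread, nor web2py's own JWT handler): an HS256 issuer/verifier written against the Python standard library, where an in-memory dict stands in for the jwt_tokens table. It goes one step further than the quoted snippet by consuming the jti on successful verification, so the token really is one-time and a replay is rejected; it also pins the algorithm so the token cannot pick its own. The secret, user id and timestamps are constructed for the demo.

```python
"""Added example: one-time-use HS256 JWTs keyed on the "jti" claim.
The registry dict stands in for a database table of issued tokens."""
import base64
import hashlib
import hmac
import json
import secrets
import time


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _compact(obj) -> bytes:
    return json.dumps(obj, separators=(",", ":")).encode()


class OneTimeJWT:
    """HS256 JWT issuer/verifier whose tokens are valid for exactly one use."""

    def __init__(self, secret: bytes, ttl_seconds: int = 300):
        self.secret = secret
        self.ttl = ttl_seconds
        self.registry = {}  # jti -> user_id; stands in for the jwt_tokens table

    def issue(self, user_id, now=None) -> str:
        now = int(now if now is not None else time.time())
        jti = secrets.token_urlsafe(16)
        self.registry[jti] = user_id  # "insert into jwt_tokens"
        header = {"alg": "HS256", "typ": "JWT"}
        payload = {"user": {"id": user_id}, "iat": now, "exp": now + self.ttl, "jti": jti}
        signing_input = _b64url(_compact(header)) + "." + _b64url(_compact(payload))
        sig = hmac.new(self.secret, signing_input.encode("ascii"), hashlib.sha256).digest()
        return signing_input + "." + _b64url(sig)

    def verify(self, token: str, now=None) -> dict:
        """Return the payload if authentic, unexpired and unused; else raise ValueError.
        Signature is checked before anything in the payload is trusted."""
        now = int(now if now is not None else time.time())
        parts = token.split(".")
        if len(parts) != 3:
            raise ValueError("malformed token")
        h64, p64, s64 = parts
        header = json.loads(_b64url_decode(h64))
        # Pin the algorithm: the token must not choose it (e.g. "alg": "none").
        if header.get("alg") != "HS256":
            raise ValueError("unexpected alg")
        expected = hmac.new(self.secret, (h64 + "." + p64).encode("ascii"), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _b64url_decode(s64)):
            raise ValueError("bad signature")
        payload = json.loads(_b64url_decode(p64))
        if now >= payload.get("exp", 0):
            raise ValueError("expired")
        # before_authorization equivalent: jti must exist and belong to this user.
        jti = payload.get("jti")
        if self.registry.get(jti) != payload["user"]["id"]:
            raise ValueError("Invalid JWT jti claim")
        del self.registry[jti]  # one-time: consume the jti so a replay fails
        return payload


def demo():
    """First use succeeds, a replay is rejected, a tampered payload is rejected."""
    svc = OneTimeJWT(b"constructed-demo-secret", ttl_seconds=60)
    t0 = 1_700_000_000  # constructed clock value
    token = svc.issue(user_id=42, now=t0)
    first = svc.verify(token, now=t0 + 1)["user"]["id"]
    try:
        svc.verify(token, now=t0 + 2)
        replay = "accepted"
    except ValueError as exc:
        replay = str(exc)
    # Tamper: change user id 42 -> 43 in the payload, keep the original signature.
    h64, p64, s64 = token.split(".")
    forged_payload = json.loads(_b64url_decode(p64))
    forged_payload["user"]["id"] = 43
    forged = h64 + "." + _b64url(_compact(forged_payload)) + "." + s64
    try:
        svc.verify(forged, now=t0 + 1)
        tamper = "accepted"
    except ValueError as exc:
        tamper = str(exc)
    return first, replay, tamper


if __name__ == "__main__":
    print(demo())
```

The order of checks is the point worth copying into a real before_authorization hook: verify the signature first, then expiry, and only then consult the token table, so the database is never queried on behalf of a forged token.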

 

-- 
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
--- 
You received this message because you are subscribed to the Google Groups 
"web2py-users" group.