On Monday, September 14, 2015 at 3:35:20 PM UTC-7, Luis Valladares wrote:
>
> Since I made the post I found some interesting articles, and now I have a
> better implementation idea, but I'm still looking for the solution on a
> subject. Here is what I have now:
>
> I will handle the authentication of my applications using the Amazon
> approach (
> http://www.thebuzzmedia.com/designing-a-secure-rest-api-without-oauth-authentication/)
> and the user authentication using CAS in order to centralize all the
> services auth providers, but I'm still searching for a way to handle the
> authorization for user; I read about Spring Security but I didn't see any
> implementation in Python or web2py.
>
> Again, thanks for any help!
>
Perhaps Niphlod's JWT implementation would work for you, too. Quoting his example again:

> As per "original" demand of covering one-time-issued tokens, the "jti"
> claim is the standard, and can be easily implemented, imagining to store
> valid tokens in a database table:
>
> # one row per issued token
> db.define_table('jwt_tokens', Field('token'), Field('user_id'), Field(
>     'inserted_on', 'datetime', default=request.now))
>
> # put the user's most recent stored token into the "jti" claim
> def myadditional_payload(payload):
>     res = db(db.jwt_tokens.user_id == payload['user']['id']).select(
>         orderby=~db.jwt_tokens.inserted_on).first()
>     payload['jti'] = res.token
>     return payload
>
> # reject a token whose "jti" is not stored for that user
> def mybefore_authorization(tokend):
>     res = db(
>         (db.jwt_tokens.user_id == tokend['user']['id']) &
>         (db.jwt_tokens.token == tokend['jti'])
>     ).select().first()
>     if not res:
>         raise HTTP(400, u'Invalid JWT jti claim')
>
> myjwt = Web2pyJwt('secret', auth,
>                   additional_payload=myadditional_payload,
>                   before_authorization=mybefore_authorization)
>

The list of features is in his post in the developer's forum.
<URL:https://groups.google.com/d/msg/web2py-developers/dXfUrHNI5Sg/gqNa3kXsCQAJ>

If you need some background on JWT, my reading list recently included
<URL:https://self-issued.info/docs/draft-ietf-oauth-json-web-token.html>
(that's the standard as of May; it's actually readable by users of standards as well as the writers, I think)

/dps
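The server-side "jti" check described in the quoted example, as an added stand-alone sketch that is not part of the original post and is not Niphlod's Web2pyJwt code. It assumes a stdlib-only HS256 token and an in-memory set in place of the jwt_tokens table; the names issue, revoke, verify, SECRET and VALID are hypothetical.

```python
import base64, hashlib, hmac, json, secrets, time

SECRET = b"constructed-demo-secret"  # placeholder key, constructed for this example
VALID = set()  # (user_id, jti) pairs; stands in for the jwt_tokens table

def _b64(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=")

def _unb64(enc):
    return base64.urlsafe_b64decode(enc + b"=" * (-len(enc) % 4))

def _sign(signing_input):
    return _b64(hmac.new(SECRET, signing_input, hashlib.sha256).digest())

def issue(user_id, ttl=300):
    """Issue an HS256 token and record its jti as valid for this user."""
    jti = secrets.token_urlsafe(16)
    VALID.add((user_id, jti))
    header = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    claims = {"user": {"id": user_id}, "jti": jti, "exp": int(time.time()) + ttl}
    signing_input = header + b"." + _b64(json.dumps(claims).encode())
    return (signing_input + b"." + _sign(signing_input)).decode()

def revoke(user_id, jti):
    """Delete the stored row; the token dies even though its signature is good."""
    VALID.discard((user_id, jti))

def verify(token):
    """Return the claims, or raise ValueError naming the check that failed."""
    try:
        header, body, sig = token.encode().split(b".")
    except ValueError:
        raise ValueError("malformed token")
    # Signature first, so nothing unauthenticated is parsed.
    if not hmac.compare_digest(sig, _sign(header + b"." + body)):
        raise ValueError("bad signature")
    if json.loads(_unb64(header)).get("alg") != "HS256":
        raise ValueError("unexpected alg")
    claims = json.loads(_unb64(body))
    if claims["exp"] < time.time():
        raise ValueError("expired")
    # Same check as mybefore_authorization: the jti must still be on record.
    if (claims["user"]["id"], claims["jti"]) not in VALID:
        raise ValueError("invalid jti")
    return claims
```

Revoking one (user_id, jti) pair invalidates only that token; other tokens issued to the same user keep working until they expire or are revoked themselves.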