web2py 2.13.3 is out. MERRY CHRISTMAS EVERYBODY!!!
It contains some bug fixes for bugs introduced in 2.13.1-2 and most
importantly it contains experimental support for JWT. Here is how it works:
1) instantiate auth with
auth = Auth(db, jwt = {'secret_key':'secret'})
where 'secret' is your own secret string.
2) Secorate functions that require login but should accept the JWT
token credentials:
@auth.allows_jwt()
@auth.requires_login()
def myapi(): return 'hello %s' % auth.user.email
Notice jwt is allowed but not required. if user is logged in, myapi
is accessible.
3) Use it!
Now API users can obtain a token with
http://.../app/default/user/jwt?username=...&password=....
(returns json object with a token attribute)
API users can refresh an existing token with
http://.../app/default/user/jwt?token=...
they can authenticate themselves when calling http:/.../myapi by
injecting a header
Authorization: Bearer <the jwt token>
Any additional attributes in the jwt argument of Auth() below:
auth = Auth(db, jwt = {...})
are passed to the constructor of class AuthJWT. Look there for
documentation.
Thanks Niphlod again for implementing this.
Please help us check it so we will declare it stable in the next release.
Massimo
--
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
---
You received this message because you are subscribed to the Google Groups
"web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to web2py+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
