On Wednesday, December 30, 2015 at 4:07:35 PM UTC-8, Luis Valladares wrote:
>
> All my applications are REST so CAS doesn't work I think
>
Currently not requiring login? You're using the REST decorator? And you want to add JWT for security?

In that direction, I'm wondering what @response.restfull() does with sessions.

<URL:http://web2py.com/books/default/chapter/29/10/services#Services-and-Authentication>

It appears that sessions (e.g. session cookies) are supported, and I'd be trying to use the CAS approach in the call() routine. This is speculation on my part; I'm not even a power user for auth.

/dps

> On Dec 30, 2015 7:19 PM, "Dave S" <snide...@gmail.com> wrote:
>
>> On Wednesday, December 30, 2015 at 2:33:46 PM UTC-8, luis.va...@metamaxzone.com wrote:
>>>
>>> What if I've two different applications (even in two different machines) one for the front end of my site (all my views, form, etc...) and other to authenticate my users, I mean, a micro service architecture.
>>>
>>
>> Does the web2py CAS support help with this? Assuming you're investigating the JWT support.
>>
>> <URL:http://web2py.com/books/default/chapter/29/09/access-control#Central-Authentication-Service>
>>
>> /dps
>>
>>>
>>> On Thursday, December 24, 2015, 10:51:42 (UTC-4:30), Massimo Di Pierro wrote:
>>>>
>>>> web2py 2.13.3 is out. MERRY CHRISTMAS EVERYBODY!!!
>>>>
>>>> It contains some bug fixes for bugs introduced in 2.13.1-2 and most importantly it contains experimental support for JWT. Here is how it works:
>>>>
>>>> 1) instantiate auth with
>>>>
>>>>     auth = Auth(db, jwt = {'secret_key':'secret'})
>>>>
>>>> where 'secret' is your own secret string.
>>>>
>>>> 2) Decorate functions that require login but should accept the JWT token credentials:
>>>>
>>>>     @auth.allows_jwt()
>>>>     @auth.requires_login()
>>>>     def myapi(): return 'hello %s' % auth.user.email
>>>>
>>>> Notice jwt is allowed but not required. If user is logged in, myapi is accessible.
>>>>
>>>> 3) Use it!
>>>> Now API users can obtain a token with
>>>>
>>>>     http://.../app/default/user/jwt?username=...&password=....
>>>>
>>>> (returns json object with a token attribute)
>>>> API users can refresh an existing token with
>>>>
>>>>     http://.../app/default/user/jwt?token=...
>>>>
>>>> they can authenticate themselves when calling http:/.../myapi by injecting a header
>>>>
>>>>     Authorization: Bearer <the jwt token>
>>>>
>>>> Any additional attributes in the jwt argument of Auth() below:
>>>>
>>>>     auth = Auth(db, jwt = {...})
>>>>
>>>> are passed to the constructor of class AuthJWT. Look there for documentation.
>>>>
>>>> Thanks Niphlod again for implementing this.
>>>> Please help us check it so we will declare it stable in the next release.
>>>>
>>>> Massimo

--
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
---
You received this message because you are subscribed to the Google Groups "web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to web2py+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
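The checks a separate service would need before trusting the "Authorization: Bearer <the jwt token>" header from the quoted announcement, as an added example that is not part of this thread and is not web2py's AuthJWT code. It is a generic standard-library verifier; the HS256 algorithm, the "exp" claim, the function names and the sample secret are all assumptions made for illustration.

```python
import base64, hashlib, hmac, json, time

def b64url_decode(part):
    # JWT segments are base64url without padding; restore it before decoding
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")

def sign_hs256(payload, secret):
    """Issue a token; here only so the verifier has constructed input."""
    header = {"alg": "HS256", "typ": "JWT"}
    parts = [b64url_encode(json.dumps(p, separators=(",", ":")).encode())
             for p in (header, payload)]
    signing_input = ".".join(parts)
    sig = hmac.new(secret.encode(), signing_input.encode(), hashlib.sha256)
    return signing_input + "." + b64url_encode(sig.digest())

def verify_bearer(authorization, secret, now=None):
    """Return the claims for a valid 'Bearer <jwt>' header value, else None."""
    scheme, _, token = (authorization or "").partition(" ")
    if scheme.lower() != "bearer" or token.count(".") != 2:
        return None
    head_b64, body_b64, sig_b64 = token.split(".")
    try:
        header = json.loads(b64url_decode(head_b64))
        claims = json.loads(b64url_decode(body_b64))
        sig = b64url_decode(sig_b64)
    except (ValueError, TypeError):
        return None
    # Pin the algorithm on the server side; never let the token choose it
    # (a header of {"alg": "none"} must not skip the signature check).
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        return None
    expected = hmac.new(secret.encode(), (head_b64 + "." + body_b64).encode(),
                        hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):  # constant-time comparison
        return None
    # Require an expiry (assumed "exp" claim) and reject stale tokens.
    exp = claims.get("exp") if isinstance(claims, dict) else None
    current = time.time() if now is None else now
    if not isinstance(exp, (int, float)) or exp <= current:
        return None
    return claims
```

Every service holding the shared secret can mint tokens as well as verify them, so the value passed as secret_key needs to be long, random and kept out of source control.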