Now I'm using a token based authentication but it's server side, I store the data of the tokens inside a redis cluster server and make a request every time I want to retrieve this token data El dic. 30, 2015 8:33 PM, "Dave S" <snidely....@gmail.com> escribió:
> > > On Wednesday, December 30, 2015 at 4:07:35 PM UTC-8, Luis Valladares wrote: >> >> All my applications are REST so CAS doesn't work I think >> > > Currently not requiring login? You're using the REST decorator? And you > want to add JWT for security? > > In that direction, I'm wondering what @response.restfull() does with > sessions. > <URL: > http://web2py.com/books/default/chapter/29/10/services#Services-and-Authentication > > > It appears that sessions (e.g. session cookies) are supported, > and I'd be trying to use the CAS approach in the call() routine. > > This is speculation on my part; I'm not even a power user for auth. > > /dps > > > El dic. 30, 2015 7:19 PM, "Dave S" <snide...@gmail.com> escribió: >> >>> On Wednesday, December 30, 2015 at 2:33:46 PM UTC-8, >>> luis.va...@metamaxzone.com wrote: >>>> >>>> What if i've two different applications (event in two differents >>>> machines) one for the front end of my site (all my views, form, etc...) and >>>> other to authenticate my users, i mean, a micro service architecture. >>>> >>> >>> Does the web2py CAS support help with this? Assuming you're >>> investigating the JWT support. >>> >>> <URL: >>> http://web2py.com/books/default/chapter/29/09/access-control#Central-Authentication-Service >>> > >>> >>> /dps >>> >>> >>> >>>> >>>> El jueves, 24 de diciembre de 2015, 10:51:42 (UTC-4:30), Massimo Di >>>> Pierro escribió: >>>>> >>>>> web2py 2.13.3 is out. MERRY CHRISTMAS EVERYBODY!!! >>>>> >>>>> It contains some bug fixes for bugs introduced in 2.13.1-2 and most >>>>> importantly it contains experimental support for JWT. Here is how it >>>>> works: >>>>> >>>>> 1) instantiate auth with >>>>> >>>>> auth = Auth(db, jwt = {'secret_key':'secret'}) >>>>> >>>>> where 'secret' is your own secret string. >>>>> >>>>> 2) Secorate functions that require login but should accept the >>>>> JWT token credentials: >>>>> >>>>> @auth.allows_jwt() >>>>> @auth.requires_login() >>>>> def myapi(): return 'hello %s' % auth.user.email >>>>> >>>>> Notice jwt is allowed but not required. if user is logged in, >>>>> myapi is accessible. >>>>> >>>>> 3) Use it! >>>>> Now API users can obtain a token with >>>>> >>>>> http://.../app/default/user/jwt?username=...&password=.... >>>>> >>>>> (returns json object with a token attribute) >>>>> API users can refresh an existing token with >>>>> >>>>> http://.../app/default/user/jwt?token=... >>>>> >>>>> they can authenticate themselves when calling http:/.../myapi >>>>> by injecting a header >>>>> >>>>> Authorization: Bearer <the jwt token> >>>>> >>>>> Any additional attributes in the jwt argument of Auth() below: >>>>> >>>>> auth = Auth(db, jwt = {...}) >>>>> >>>>> are passed to the constructor of class AuthJWT. Look there for >>>>> documentation. >>>>> >>>>> Thanks Niphlod again for implementing this. >>>>> Please help us check it so we will declare it stable in the next >>>>> release. >>>>> >>>>> Massimo >>>>> >>>>> >>>>> -- >>> Resources: >>> - http://web2py.com >>> - http://web2py.com/book (Documentation) >>> - http://github.com/web2py/web2py (Source code) >>> - https://code.google.com/p/web2py/issues/list (Report Issues) >>> --- >>> You received this message because you are subscribed to a topic in the >>> Google Groups "web2py-users" group. >>> To unsubscribe from this topic, visit >>> https://groups.google.com/d/topic/web2py/NUDpOmGLDTQ/unsubscribe. >>> To unsubscribe from this group and all its topics, send an email to >>> web2py+un...@googlegroups.com. >>> For more options, visit https://groups.google.com/d/optout. >>> >> -- > Resources: > - http://web2py.com > - http://web2py.com/book (Documentation) > - http://github.com/web2py/web2py (Source code) > - https://code.google.com/p/web2py/issues/list (Report Issues) > --- > You received this message because you are subscribed to a topic in the > Google Groups "web2py-users" group. > To unsubscribe from this topic, visit > https://groups.google.com/d/topic/web2py/NUDpOmGLDTQ/unsubscribe. > To unsubscribe from this group and all its topics, send an email to > web2py+unsubscr...@googlegroups.com. > For more options, visit https://groups.google.com/d/optout. > -- Resources: - http://web2py.com - http://web2py.com/book (Documentation) - http://github.com/web2py/web2py (Source code) - https://code.google.com/p/web2py/issues/list (Report Issues) --- You received this message because you are subscribed to the Google Groups "web2py-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to web2py+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
