jwt is the emerging standard for apis and such, but if the usage is
all-internal, why don't you just start simple and do
if request.vars.token not in ('aaaaxa', 'bbbbbbxb', 'cccccc'):
raise HTTP(403)
?
On Wednesday, September 28, 2016 at 2:15:19 PM UTC+2, Marlysson Silva wrote:
>
> This is what you need:
>
> http://web2py.readthedocs.io/en/latest/tools.html#gluon.tools.Auth.jwt
>
> Json Web Token , communications to services "rest" .. I think that
> facilitates your work
>
> Em quarta-feira, 28 de setembro de 2016 08:57:59 UTC-3, Lisandro escreveu:
>>
>> Hi there!
>> I have a web2py app that implements a JSON-RPC public webservice, over
>> HTTPS.
>> It's public as it doesn't require user and password to authenticate.
>>
>> However, the webservice is only consumed by a set of other applications
>> that I manage.
>> So I would like those apps to use a key in order to connect to the
>> webservice.
>> I'm trying to do such thing with a custom decorator, but I can't make it
>> work.
>>
>> This is what I have:
>>
>> from gluon.tools import Service
>>
>>
>> service = Service()
>>
>>
>> def validate_key():
>> return True
>>
>>
>> @auth.requires(lambda: validate_key())
>> def call():
>> session.forget()
>> return service()
>>
>>
>> @service.jsonrpc
>> def test():
>> return 'test ok'
>>
>>
>>
>> But when I try to connect to the webservice, I receive this error:
>>
>> ProtocolError: <ProtocolError for dev.medios/ws/call/jsonrpc: 303 SEE OTHER>
>>
>>
>> I'm not sure if what I'm tying to do is possible in that way.
>> I know that I can apply the @auth.requires_login() decorator to the
>> call() method, but that would force me to create users for every app using
>> the webservice, and that's not wat I want. I would like to simply generate
>> a key for every app that needs to use the webservice, and then ask the
>> applications to use that key (either in the call to connect to the
>> webservice, or in every call to any method of the webservice).
>>
>> What would be the correct approach?
>> Thanks in advance.
>> Regards,
>> Lisandro.
>>
>
--
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
---
You received this message because you are subscribed to the Google Groups
"web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to web2py+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
