everything in auth has underlying defaults to have an entity (usually, the
user) to authenticate. if it's not authenticated, then it's usually
redirected to the login page. see auth.requires signature in deep if you
want to use it as a standard "block this if this condition isn't met"
style-decorator.
On Thursday, September 29, 2016 at 3:28:05 PM UTC+2, Lisandro wrote:
>
> Thanks Niphlod, nice and clean solution.
> I was trying to just that, but I was trying to validate that token using
> the decorator @auth.requires(lambda: validate_token()) for the call()
> method, but it always returned a 303 code. I also tried with a custom
> decorator, with no luck.
> Anyway, your suggested solution is more than enough for me, so I'll
> proceed with that.
>
> Thank you both for your time!
>
> Best regards,
> Lisandro.
>
> El miércoles, 28 de septiembre de 2016, 18:42:04 (UTC-3), Niphlod escribió:
>>
>> jwt is the emerging standard for apis and such, but if the usage is
>> all-internal, why don't you just start simple and do
>>
>>
>> if request.vars.token not in ('aaaaxa', 'bbbbbbxb', 'cccccc'):
>> raise HTTP(403)
>>
>> ?
>>
>> On Wednesday, September 28, 2016 at 2:15:19 PM UTC+2, Marlysson Silva
>> wrote:
>>>
>>> This is what you need:
>>>
>>> http://web2py.readthedocs.io/en/latest/tools.html#gluon.tools.Auth.jwt
>>>
>>> Json Web Token , communications to services "rest" .. I think that
>>> facilitates your work
>>>
>>> Em quarta-feira, 28 de setembro de 2016 08:57:59 UTC-3, Lisandro
>>> escreveu:
>>>>
>>>> Hi there!
>>>> I have a web2py app that implements a JSON-RPC public webservice, over
>>>> HTTPS.
>>>> It's public as it doesn't require user and password to authenticate.
>>>>
>>>> However, the webservice is only consumed by a set of other applications
>>>> that I manage.
>>>> So I would like those apps to use a key in order to connect to the
>>>> webservice.
>>>> I'm trying to do such thing with a custom decorator, but I can't make
>>>> it work.
>>>>
>>>> This is what I have:
>>>>
>>>> from gluon.tools import Service
>>>>
>>>>
>>>> service = Service()
>>>>
>>>>
>>>> def validate_key():
>>>> return True
>>>>
>>>>
>>>> @auth.requires(lambda: validate_key())
>>>> def call():
>>>> session.forget()
>>>> return service()
>>>>
>>>>
>>>> @service.jsonrpc
>>>> def test():
>>>> return 'test ok'
>>>>
>>>>
>>>>
>>>> But when I try to connect to the webservice, I receive this error:
>>>>
>>>> ProtocolError: <ProtocolError for dev.medios/ws/call/jsonrpc: 303 SEE
>>>> OTHER>
>>>>
>>>>
>>>> I'm not sure if what I'm tying to do is possible in that way.
>>>> I know that I can apply the @auth.requires_login() decorator to the
>>>> call() method, but that would force me to create users for every app using
>>>> the webservice, and that's not wat I want. I would like to simply generate
>>>> a key for every app that needs to use the webservice, and then ask the
>>>> applications to use that key (either in the call to connect to the
>>>> webservice, or in every call to any method of the webservice).
>>>>
>>>> What would be the correct approach?
>>>> Thanks in advance.
>>>> Regards,
>>>> Lisandro.
>>>>
>>>
--
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
---
You received this message because you are subscribed to the Google Groups
"web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to web2py+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
