On Sep 16, 2011, at 10:35 AM, Eric wrote:
> Hey, Ross. Your solution using request.vars.token worked. Thanks!!
>
> On Sep 15, 9:06 pm, Ross Peoples <ross.peop...@gmail.com> wrote:
>> Eric, I may have found a way to do it, but it's not pretty.
>>
>> Create a controller that only has login / logout methods. The login method
>> will return your token that is saved somewhere (cache or database).
>>
>> Then in other controllers where you need to enforce token authentication,
>> put this into your call() method:
>>
>> if 'token' in request.vars:
>>     token = request.vars.token
>>     if token != 'test': # you would put your own token checking logic here
>>         raise HTTP(401, 'Supplied token was not valid.')
>> else:
>>     raise HTTP(401, 'Token must be supplied as a variable in the query string.')
>>
>> return service()
>
Minor point: since request.vars is Storage, you can simply say token = request.vars.token which is basically the same as token = request.vars.get('token', None) and skip the test. If token isn't present, it'll be set to None.
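
An added example, not part of the thread and not web2py's own code: one way to fill in the "your own token checking logic" placeholder, including the case where request.vars.token is None (absent) or a list (token repeated in the query string). HTTP and Storage are minimal stand-ins so the block runs without web2py; ISSUED, issue_token, revoke_token and require_token are hypothetical names, and Python 3.6+ is assumed for the secrets module.

```python
import hashlib
import secrets


class HTTP(Exception):
    """Stand-in for web2py's HTTP exception (assumption, so this runs offline)."""
    def __init__(self, status, body=''):
        super().__init__(body)
        self.status = status


class Storage(dict):
    """Stand-in for web2py's Storage: a missing key reads as None."""
    __getattr__ = dict.get


# Hypothetical server-side store (the "cache or database" from the thread).
# Only SHA-256 digests are kept, so a leaked store does not leak usable tokens.
ISSUED = {}


def _digest(token):
    return hashlib.sha256(token.encode('utf-8')).hexdigest()


def issue_token(username):
    """What the login method would return after checking credentials."""
    token = secrets.token_urlsafe(32)   # unguessable, unlike a fixed 'test'
    ISSUED[_digest(token)] = username
    return token


def revoke_token(token):
    """What the logout method would do."""
    ISSUED.pop(_digest(token), None)


def require_token(request_vars):
    """Return the username for a valid token, else raise HTTP(401).

    In a controller: def call(): require_token(request.vars); return service()
    """
    token = request_vars.token          # None when absent, no 'in' test needed
    if not isinstance(token, str) or not token:
        # Covers a missing token and a repeated ?token=a&token=b (a list).
        raise HTTP(401, 'Token must be supplied once in the query string.')
    # Look up by digest instead of comparing the raw secret with != .
    username = ISSUED.get(_digest(token))
    if username is None:
        raise HTTP(401, 'Supplied token was not valid.')
    return username
```

A token carried in the query string ends up in web server access logs and browser history, so keep its lifetime short and revoke it at logout.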