On Saturday, September 12, 2015 at 5:02:28 PM UTC-7, Darko Colic wrote:
>
> Hello,
> I'm trying to use web2py to build a JSON based API (not REST though) for a
> mobile and single-page-application client.
>
> I wonder if there is a simple way to use Web2py internals like auth and
> session global object for such a case?
>
> For example, in regular web-based app web2py "magically" restore a user
> and a session using cookies. In API environment it is not possible. Would
> it be possible instead to generate a token upon a login and then associate
> auth and session objects with that token. Then on every API function that
> requires login perform a decoration function to look up a token that client
> sends and restore auth and session objects associated with it, and later
> use it in the function as we would in a normal web-based app. Is there a
> way to do that?
>
>
>
Niphlod has a token package (in "alpha" testing, I think) that implements
JWT for Web2Py. I don't know if that would do what you want, but it should
do most of it.
>From his post on the developer's list, here's his quick sample:
As per "original" demand of covering one-time-issued tokens, the "jti"
> claim is the standard, and can be easily implemented, imagining to store
> valid tokens in a database table:
>
> db.define_table('jwt_tokens', Field('token'), Field('user_id'), Field(
> 'inserted_on', 'datetime', default=request.now))
>
> def myadditional_payload(payload):
> res = db(db.jwt_tokens.user_id == payload['user']['id']).select(
> orderby=~db.jwt_tokens.inserted_on).first()
> payload['jti'] = res.token
> return payload
>
> def mybefore_authorization(tokend):
> res = db(
> (db.jwt_tokens.user_id == tokend['user']['id']) &
> (db.jwt_tokens.token == tokend['jti'])
> ).select().first()
> if not res:
> raise HTTP(400, u'Invalid JWT jti claim')
>
> myjwt = Web2pyJwt('secret', auth,
> additional_payload=additional_payload,
> before_authorization=mybefore_authorization)
>
<URL:https://groups.google.com/d/msg/web2py-developers/dXfUrHNI5Sg/gqNa3kXsCQAJ>
Look for reports on testing of the package soon.
/dps
--
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
---
You received this message because you are subscribed to the Google Groups
"web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to web2py+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
