Thanks Niphlod, nice and clean solution.
I was trying to just that, but I was trying to validate that token using
the decorator @auth.requires(lambda: validate_token()) for the call()
method, but it always returned a 303 code. I also tried with a custom
decorator, with no luck.
Anyway, your suggested solution is more than enough for me, so I'll proceed
with that.
Thank you both for your time!
Best regards,
Lisandro.
El miércoles, 28 de septiembre de 2016, 18:42:04 (UTC-3), Niphlod escribió:
>
> jwt is the emerging standard for apis and such, but if the usage is
> all-internal, why don't you just start simple and do
>
>
> if request.vars.token not in ('aaaaxa', 'bbbbbbxb', 'cccccc'):
> raise HTTP(403)
>
> ?
>
> On Wednesday, September 28, 2016 at 2:15:19 PM UTC+2, Marlysson Silva
> wrote:
>>
>> This is what you need:
>>
>> http://web2py.readthedocs.io/en/latest/tools.html#gluon.tools.Auth.jwt
>>
>> Json Web Token , communications to services "rest" .. I think that
>> facilitates your work
>>
>> Em quarta-feira, 28 de setembro de 2016 08:57:59 UTC-3, Lisandro escreveu:
>>>
>>> Hi there!
>>> I have a web2py app that implements a JSON-RPC public webservice, over
>>> HTTPS.
>>> It's public as it doesn't require user and password to authenticate.
>>>
>>> However, the webservice is only consumed by a set of other applications
>>> that I manage.
>>> So I would like those apps to use a key in order to connect to the
>>> webservice.
>>> I'm trying to do such thing with a custom decorator, but I can't make it
>>> work.
>>>
>>> This is what I have:
>>>
>>> from gluon.tools import Service
>>>
>>>
>>> service = Service()
>>>
>>>
>>> def validate_key():
>>> return True
>>>
>>>
>>> @auth.requires(lambda: validate_key())
>>> def call():
>>> session.forget()
>>> return service()
>>>
>>>
>>> @service.jsonrpc
>>> def test():
>>> return 'test ok'
>>>
>>>
>>>
>>> But when I try to connect to the webservice, I receive this error:
>>>
>>> ProtocolError: <ProtocolError for dev.medios/ws/call/jsonrpc: 303 SEE OTHER>
>>>
>>>
>>> I'm not sure if what I'm tying to do is possible in that way.
>>> I know that I can apply the @auth.requires_login() decorator to the
>>> call() method, but that would force me to create users for every app using
>>> the webservice, and that's not wat I want. I would like to simply generate
>>> a key for every app that needs to use the webservice, and then ask the
>>> applications to use that key (either in the call to connect to the
>>> webservice, or in every call to any method of the webservice).
>>>
>>> What would be the correct approach?
>>> Thanks in advance.
>>> Regards,
>>> Lisandro.
>>>
>>
--
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
---
You received this message because you are subscribed to the Google Groups
"web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to web2py+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
