On Wednesday, February 22, 2017 at 5:57:09 PM UTC-8, Michael Gheith wrote:
>
> Let's pretend I want to create a service like Stripe. I know that if you
> make a call to a web service, you provided information (your api key) in
> the request header. Is this what JWT is used for? What's the workflow?
> Are there any examples out there? Does web2py support this type of
> authentication out of the box?
>
JWT is bundled with recent web2py's. In trunk for sure, but I think it did get into 2.14.6 as well.

JWT can be used when you don't have to pass credentials to a third party, so would be okay for a private API. JWT can also be used for bearer tokens in OAUTH 2, where you do have a third party involved, but for OAUTH 2 you should be looking at a higher-level framework to wrap stuff. Jim Manico, a popular OWASP speaker, calls OAUTH 2 a "valet key". His card has "www.manicode.com" if you want to check out what he does.

/dps