Json-rpc (or REST) with JWT token auth in py4web - how?

[Alexei Vinidiktov]

Hello,

Since web2py is very slow (according to a benchmark I've seen), and py4web is much faster, I'm interested in moving to py4web but I'm not sure how to handle the transition.

My web2py app is used as a service layer communicating with the JavaScript frontend via json-rpc.

It uses web2py JWT tokens for auth (sent as Authorization: Bearer <token> header).

How can I handle the same architecture in py4web?

I think the same question should be valid for REST services requiring authentication. 

Basically, something like this:

myjwt = AuthJWT(auth, secret_key='SecretKey', expiration=3000000)

@cors_allow
@catch303
@myjwt.allows_jwt()
@auth.requires_login()
def call():
    session.forget()
    return service()

@service.jsonrpc2
def create(lesson_id, question, answer, reading, context, weight, examples):
    card_id = db.card.insert(
        lesson_id=lesson_id,
        user_id=auth.user.id,
        question=question,
        answer=answer,
        reading=reading,
        context=context,
        weight=weight,
        examples=examples
    )
    return int(card_id)

How can I get the token, refresh the token, revoke it, how can I use it to authenticate json-rpc requests (or REST requests for that matter)?

[Massimo Di Pierro]

Please ask the question on the py4web mailing list and I will provide an example there (may need to code it)

[Alexei Vinidiktov]

I just did. Thanks!