py4web jwt ?

[António Ramos]

this code  from the docs...

@action('index')
@action.uses(auth.user)
def index():
    
    return {"ok":1}

Here @action.uses(auth.user) tells py4web that this action requires a logged in user and should redirect to login if no user is logged in.

this redirect is good for an full web2py app.

What if i have a SPA in vue ?

In case the user is not logged it it should not redirect to login page because the apps is a outsider vue spa. How to return an error to vue spa ??

regards

António

[Val K]

+1 autoredirect should be an option

[Val K]

It seems it depends on request.content_type
https://github.com/web2py/py4web/blob/e6b3d5e10e15976af153c4a4e6b349a02fe6c2a9/py4web/utils/auth.py#L35

[António Ramos]

getting this from py4web as an api. 

Is not what i would like to see from a SPA standpoint.

Regards

António

Em qui., 20 de fev. de 2020 às 18:03, Val K <valq...@gmail.com> escreveu:

It seems it depends on request.content_type
https://github.com/web2py/py4web/blob/e6b3d5e10e15976af153c4a4e6b349a02fe6c2a9/py4web/utils/auth.py#L35

--
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
---
You received this message because you are subscribed to the Google Groups "web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to web2py+un...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/web2py/9608a9ab-d338-4580-9d02-31b9b9a30782%40googlegroups.com.

[Val K]

check request.content_type - is that 'application/json' ?

On Thursday, February 20, 2020 at 9:28:43 PM UTC+3, Ramos wrote:

getting this from py4web as an api. 

Is not what i would like to see from a SPA standpoint.

Regards

António

Em qui., 20 de fev. de 2020 às 18:03, Val K <valq...@gmail.com> escreveu:

It seems it depends on request.content_type
https://github.com/web2py/py4web/blob/e6b3d5e10e15976af153c4a4e6b349a02fe6c2a9/py4web/utils/auth.py#L35

--
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
---
You received this message because you are subscribed to the Google Groups "web2py-users" group.

To unsubscribe from this group and stop receiving emails from it, send an email to web...@googlegroups.com.

[Kevin Keller]

With a Spa the routing is done in Javascript in the Browser.

So Javascript or Vue / React etc need. To check if the user has a access or id_token and if not redirect to the login page to obtain it.

Doing crud and be able to secure those crud rest routes will be critical for productivity. 

So we need a simple jwt token minting engine that at least can spit out a access token for prototyping and and easy way to switch over to other IAM solutions with py4web for production that can do the token minting. 

That is something I am currently working on the whole oidc auth part make it easy and I also want to make it available for web2py. 

I have updated and got the oauth2 login provider working with Okta yesterday and web2py. 

Will share this. Code asap and sent a push to git to have that provider updated and at some providers for different IAM solutions for both web2py and py4web going forward. 

Will try to share an example with py4web asap once I have something working. 

Will probaly be on the. Weekend. 

To unsubscribe from this group and stop receiving emails from it, send an email to web2py+un...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/web2py/77ac539d-a83e-4931-ae79-424c3a4711fd%40googlegroups.com.

[Val K]

As I know py2web already stores _session_token as jwt, no? 

To view this discussion on the web visit https://groups.google.com/d/msgid/web2py/77ac539d-a83e-4931-ae79-424c3a4711fd%40googlegroups.com.

[Richard Vézina]

UP!

Is py4web has jwt token mechanism??

Evaluating py4web currently (yes getting back to good stuff loved web2py and pydal)...

I would need py4web to support jwt (https://jwt.io/). I recall that been implement in web2py

Not found anything in the doc about it : https://py4web.com/_documentation/static/en/chapter-11.html

Thanks

Richard

To unsubscribe from this group and stop receiving emails from it, send an email to web2py+un...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/web2py/1e3387f6-bf14-406f-9c6b-306a06630961%40googlegroups.com.

[Kevin Keller]

Look for the email thread with the following title in the py4web google group and you ll find a way: 

Sample Code simple JWT Auth for pydal API

in the 

Powered by cloudHQ

To view this discussion on the web visit https://groups.google.com/d/msgid/web2py/CAKk5xSzm%3DeCCd24Z0ZXF%3DtikA5Z_GXUet1SDGeEMPGVH%3DdRt1A%40mail.gmail.com.

[Richard Vézina]

Thanks

To view this discussion on the web visit https://groups.google.com/d/msgid/web2py/CADHCKLSoHnK-20XDA29kQr8MEN%2BLUHh-uw%2BaMu64443GiRi2KA%40mail.gmail.com.

[Nico Zanferrari]

BTW,

in fact JWT  is cited here : https://py4web.com/_documentation/static/en/chapter-04.html#sessions - and I'm even currently working for expanding it ;-)

Nico

To view this discussion on the web visit https://groups.google.com/d/msgid/web2py/CAKk5xSzOTA%2Bnu7PVZhRttEGmfA6h2KTV9evWn30FWXbLA9POMw%40mail.gmail.com.

[Kevin Keller]

What are the current files that would need to be fixed to be pyjwt 2 compatible?

auth and form no?

Anything else?

Powered by cloudHQ

To view this discussion on the web visit https://groups.google.com/d/msgid/web2py/CAAE8D_CRcCq0vEHwr346pKBEVS43Ys03NMPNDo5QBk7efZiDkQ%40mail.gmail.com.