aiohttp-jwt

Example how to use with aiohttp-security

Open hzlmn opened this issue 7 years ago • 9 comments

aiohttp-security adds an advanced permission control mechanism in Pyramid style. It would be great to add an example of how to write a simple policy for JWT with this lib.

hzlmn, Mar 26 '18 08:03

I was wondering if there was a way to get dynamic secrets, so that way any number of "users" can have separate authentication tokens. Can there be a simple example for this not using any other library?

CMCDragonkai, May 11 '21 03:05

Hi, I did not fully get what you mean. JWT tokens by default will be unique for each user, so I don't see a reason for multiple secrets. Could you please provide your use case so I can tell more clearly?

hzlmn, May 11 '21 08:05

I'm building a REST API on aiohttp and wanted to use jwt to secure it. Wasn't sure if this is in the domain of aiohttp-security. I'm just using plain postgresql for storage and just need a lightweight auth and permission system.

CMCDragonkai, May 11 '21 10:05

Got it. I used this library mostly with the OAuth2 protocol, so we had a kind of credentials service that provides the token and user scopes (aka permissions, similar to what GitHub does on their API). aiohttp-security has a simple JWT policy for this case, but as I understand it you can do it without it: you just need a route to obtain a token from login credentials with a set of permissions, and then use the login_required or check_permissions decorator. Hope it helps.

hzlmn, May 11 '21 10:05
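An added example, not part of the thread and not aiohttp-jwt's own code: a standard-library sketch of the flow described in the comment above, where a login route issues a token carrying scopes and later requests verify it and check those scopes. The names `issue_token`, `verify_token`, `has_scopes`, the secret and the scope strings are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import json
import time

SECRET = b"constructed-demo-secret"  # assumption: single server-side HS256 key


def b64e(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64d(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign(signing_input: str) -> str:
    return b64e(hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest())


def issue_token(user, scopes, ttl=900, now=None) -> str:
    """Returned by the login route after the credentials have been checked."""
    now = int(time.time()) if now is None else now
    header = b64e(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64e(json.dumps({"sub": user, "scopes": scopes, "exp": now + ttl}).encode())
    return f"{header}.{body}.{sign(header + '.' + body)}"


def verify_token(token: str, now=None) -> dict:
    """login_required step: return the claims or raise ValueError."""
    now = int(time.time()) if now is None else now
    header, body, sig = token.split(".")  # ValueError unless exactly 3 parts
    # HS256 is fixed server-side; the "alg" field in the header is never consulted.
    if not hmac.compare_digest(sign(f"{header}.{body}").encode(), sig.encode()):
        raise ValueError("bad signature")
    claims = json.loads(b64d(body))
    if claims.get("exp", 0) <= now:
        raise ValueError("token expired")
    return claims


def has_scopes(claims: dict, required, match_any=False) -> bool:
    """check_permissions step, evaluated over the token's "scopes" claim."""
    granted = set(claims.get("scopes", []))
    hits = [scope in granted for scope in required]
    return any(hits) if match_any else all(hits)
```

A handler would call `verify_token` on the bearer token and answer 401 on `ValueError`, then answer 403 when `has_scopes` returns `False`.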

When you say credential service, is that like Ory or Auth0?

Also where are these decorators, in this repo or aiohttp-security?


CMCDragonkai, May 12 '21 00:05

We had our own, but overall it is similar to what Auth0 does. Decorators are here https://github.com/hzlmn/aiohttp-jwt/blob/master/aiohttp_jwt/permissions.py and some examples here https://github.com/hzlmn/aiohttp-jwt/blob/master/example/permissions.py

hzlmn, May 12 '21 08:05