Oleh Kuchuk
Oleh Kuchuk
Hi, i did not fully get what you mean, jwt tokens by default will be unique for each user so i don't see a reason for multiple secrets. Could you...
Got it, I used this library mostly with oauth2 protocol so we had kind like credentials service that provide token and user scopes (aka permissions similary like Github do on...
We had own but overall it similar to what Auth0 do. Decorators are here https://github.com/hzlmn/aiohttp-jwt/blob/master/aiohttp_jwt/permissions.py and some examples here https://github.com/hzlmn/aiohttp-jwt/blob/master/example/permissions.py
Wow, cool. thank you. Let me know if you are willing to be added as a collaborator to repo.
Some other jwt providers https://jwt.io/ - python-jose - jwcrypto
@camin-mccluskey Currently no, as for my needs it was not mandatory and no one requested it before. I will try to come up with something working in next few days....
@camin-mccluskey thanks for feedback, will take a look on multi-tenancy. > Also I was wondering if this could be applied at a router level (as opposed to an app level...
@camin-mccluskey I meant that instead of whitelisting right now you can skip jwt on all routes with setting `credentials_required` to `False` here https://github.com/hzlmn/aiohttp-jwt/blob/master/aiohttp_jwt/middleware.py#L18 and then protecting necessary routes with `@login_required`...
@camin-mccluskey my bad good catch.
Aiohttp-security will drop decorators soon. Plus they have strong opinion about such combined permissions. And my usecase is lean microservice so i do not want another library for basic permission...