On Thu, 21 Sep 2017 10:07:11 GMT, Sönke Ludwig wrote:

On Wed, 20 Sep 2017 21:46:33 GMT, holo wrote:

Hello

Can I use http://vibed.org/api/vibe.web.auth/ for authentication of registered REST interfaces, or is it designed to work only with Web interfaces? I see only examples of such usage.

If I cannot use it with REST, how should I handle it in that case? With "@before"?

Regards
holo

Yes, it's actually usable with the REST interface generator, too, and works just like for web interfaces. But examples are indeed still missing - I'll add one for the next release.

However, there are currently two caveats. @noRoute is only supported for REST interfaces on the current master branch, and there is a bug in conjunction with the Collection!I feature (#1922). I'll tag a new alpha release of 0.8.2 in the coming days with fixes included.

Thank you for helping! I have another question regarding the auth framework:

How do I handle stateless tokens with it? For example, from mobile applications which are not using sessions? So we do not have access to the res and req variables, and the authenticate function requires them to work (or maybe I'm missing something?).

Maybe it would be good to add a second REST authentication function which is not forcing the

scope HTTPServerRequest req, scope HTTPServerResponse res

parameters, but instead lets you use parmHeader(auth, Authentication) or something like that, e.g.:

static struct AuthInfo {
  string JWTToken;
  Json payload = decrypt(JWTToken);

  bool isAdmin() { return this.payload["admin"]; }
  bool isEditor() { return this.payload["editor"]; }
}

@noRoute AuthInfo authenticate(parmHeader(auth, Authentication)) {
  if (verify(auth))
    return AuthInfo(auth);
  throw new HTTPStatusException(HTTPStatus.unauthorized);
}

Please correct me if I'm misunderstanding something regarding stateless applications and access to the req and res variables.