Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]
Groups > comp.lang.python > #72924
| Path | csiph.com!v102.xanadu-bbs.net!xanadu-bbs.net!feeder.erje.net!eu.feeder.erje.net!feeds.phibee-telecom.net!newsfeed.xs4all.nl!newsfeed3a.news.xs4all.nl!xs4all!post.news.xs4all.nl!not-for-mail |
|---|---|
| Return-Path | <demianbrecht@gmail.com> |
| X-Original-To | python-list@python.org |
| Delivered-To | python-list@mail.python.org |
| X-Spam-Status | OK 0.006 |
| X-Spam-Evidence | '*H*': 0.99; '*S*': 0.00; 'url:pypi': 0.03; 'subject:Django': 0.03; 'subject:skip:a 10': 0.09; 'subset': 0.09; 'cc:addr:python-list': 0.11; '6:30': 0.16; 'mutable': 0.16; 'smith"': 0.16; 'subject: \n ': 0.16; 'subject:?)': 0.16; 'subject:based': 0.16; 'token,': 0.16; 'url:)': 0.16; 'wrote:': 0.18; '(but': 0.19; 'cc:addr:python.org': 0.22; 'cc:2**0': 0.24; "i've": 0.25; '>': 0.26; 'generally': 0.29; "doesn't": 0.30; 'message-id:@mail.gmail.com': 0.30; '(including': 0.33; 'url:python': 0.33; 'implemented': 0.33; 'could': 0.34; 'subject: (': 0.35; 'but': 0.35; 'received:google.com': 0.35; 'belong': 0.36; 'providers': 0.36; "didn't": 0.36; 'url:org': 0.36; 'server': 0.38; 'pm,': 0.38; 'moving': 0.39; 'algorithms': 0.60; 'subject:? ': 0.60; 'such': 0.63; 'side': 0.67; 'subject:system': 0.84; 'opt': 0.97 |
| DKIM-Signature | v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:date:message-id:subject:from:to:cc:content-type; bh=LnfY4NwKi4y+tL1DyrBiVn7tamohfPm+ievUOhP9n5Y=; b=kwWScUvW0Cjbg6xDiBrEUYKHQ9bP3JIzWzwuLSETsbNWk9X/Nxy6HWIyLX+f2LXPRX fC2hG1YY67URyjyIAQnnUOeaKv88aVKom2Q2ib0ayy+GT/6nad6h/5UK2B+k0Q850Ylw 0zjC1vedzhm6VV8Meo5+q+71ejdRyum+ZfI32KxVuncSPDr2PM06QI8n0cmkKgLZo5lS KOjwMgY+o3Yy8thpKZ6FUFNLLrD0iMu+aYwoFZS7WkekjK83USmVbJc15/Eui7ikGlpV iVO8eCSKfE++Gqp16RiTy5E5uOI6B18d+2Nt9bLDsNJ8RpG6Dzcx/1hDlYVv8Ljrq0WN vADA== |
| MIME-Version | 1.0 |
| X-Received | by 10.152.1.168 with SMTP id 8mr2455575lan.62.1402166160124; Sat, 07 Jun 2014 11:36:00 -0700 (PDT) |
| Date | Sat, 7 Jun 2014 11:36:00 -0700 |
| Subject | Token-based authentication (was http.server.BaseHTTPRequestHandler basic auth logout? Django authentication system for REST interface?) |
| From | Demian Brecht <demianbrecht@gmail.com> |
| To | Roy Smith <roy@panix.com> |
| Content-Type | multipart/alternative; boundary=089e013c6b4ce3f0d804fb433f47 |
| Cc | Python <python-list@python.org> |
| X-BeenThere | python-list@python.org |
| X-Mailman-Version | 2.1.15 |
| Precedence | list |
| List-Id | General discussion list for the Python programming language <python-list.python.org> |
| List-Unsubscribe | <https://mail.python.org/mailman/options/python-list>, <mailto:python-list-request@python.org?subject=unsubscribe> |
| List-Archive | <http://mail.python.org/pipermail/python-list/> |
| List-Post | <mailto:python-list@python.org> |
| List-Help | <mailto:python-list-request@python.org?subject=help> |
| List-Subscribe | <https://mail.python.org/mailman/listinfo/python-list>, <mailto:python-list-request@python.org?subject=subscribe> |
| Newsgroups | comp.lang.python |
| Message-ID | <mailman.10856.1402166168.18130.python-list@python.org> (permalink) |
| Lines | 42 |
| NNTP-Posting-Host | 2001:888:2000:d::a6 |
| X-Trace | 1402166168 news.xs4all.nl 2922 [2001:888:2000:d::a6]:58885 |
| X-Complaints-To | abuse@xs4all.nl |
| Xref | csiph.com comp.lang.python:72924 |
Show key headers only | View raw
[Multipart message — attachments visible in raw view] - view raw
On Jun 6, 2014 6:30 PM, "Roy Smith" <roy@panix.com> wrote: > We would have to keep state on the server side about every extant valid > token (but then again, we need to do that now, for each session). If you didn't want to have to manage such state server side, you could opt to use JWTs (http://datatracker.ietf.org/wg/jose/). A number of auth providers (including Microsoft and Google) are moving to using these as well. Of course, /some/ server side state would have to be managed to deal with invalidation or any other mutable data that doesn't belong in a token, but it's generally minimal. [Shameless plug] I've implemented a subset of the algorithms for both JWE and JWSs as a part of https://pypi.python.org/pypi/jose.
Back to comp.lang.python | Previous | Next | Find similar | Unroll thread
Token-based authentication (was http.server.BaseHTTPRequestHandler basic auth logout? Django authentication system for REST interface?) Demian Brecht <demianbrecht@gmail.com> - 2014-06-07 11:36 -0700
csiph-web