Use JWT with TurboGears2

Question

I'm currently stopped in my work because of some authentication work on a project. I set up a REST API, which needs to have a JWT authentication system. Some work was already done and I overrode it. So the library used was Python's TurboGears2, and I used PyJWT to manage tokens.

My WS and the token's creation works well. The post method with auth info JSON request's body can create a token, that's sent in the response. But after that, when I do a 'GET' request on the restricted resource, I can't retrieve the token.

What I do: send a GET request to the restricted resource, with "Authorization: Bearer <TOKEN>" in request headers.

But when I do a 'request.authorization' in my web service function, I always get 'None'. Do I need to set up a full auth system using TurboGears to access this header? thanks for help

Answer 1

Where are you trying to access the request.authorization from?

I tried with a newly quickstarted application and modified the index to print the authorization header:

@expose('testauth.templates.index')
def index(self):
    """Handle the front-page."""
    print(request.authorization)
    return dict(page='index')

And I sent the authorization header from Postman.

It worked fine and printed my test header

Authorization(authtype='Bearer', params='HELLO')

I also tried to disable any auth_backend so that authentication is disabled and it still works as expected.