tkt via HTTP response headers on mobile client

I am writing a mobile iOS application, which communicates with a Pyramid app on the backend. I am currently using Pyramid's built-in AuthTktAuthenticationPolicy.

I've met some speed bumps while attempting to authenticate via a mobile client (iPhone). For starters, how would I send and retrieve the auth_tkt cookie that is set by Pyramid?

I understand how this works with a web browser, but if I want to send this "auth_tkt cookie" in the HTTP response, how can I accomplish this? How do I actually get the auth_tkt secret string? For example, what if I'd like to return it in the JSON body or a custom header of my choosing rather than as the cookie set by Pyramid's remember function?

Secondly, in future requests sent by the client, what header do I set with the auth_tkt secret string so that Pyramid recognizes it and appropriately authenticates the client?


Using the Pyramid Helper Classes here, it looks like you can create your own auth_tkt and access it as well. Example from docs:

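import os
from pyramid.authentication import AuthTicket

# Build a ticket for 'username' bound to the caller's IP, then serialize it
token = AuthTicket('sharedsecret', 'username',
                   os.environ['REMOTE_ADDR'], tokens=['admin'])
val = token.cookie_value()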

The headers attribute is a webob ResponseHeaders object, which derives from webob multidict. You can get its value by using this:

set_cookie = request.response.headers['set-cookie']

You can refer to this link: webob multidict
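Added example (not part of the original answers): AuthTktAuthenticationPolicy reads the ticket from the request's Cookie header under its cookie_name (default `auth_tkt`), so the client can be handed the value from the Set-Cookie headers that `remember()` returns and replay it as a cookie. The sample headers and ticket are constructed, and the helper names and the JSON field name are assumptions.

```python
from http.cookies import SimpleCookie

# Constructed sample of what pyramid.security.remember(request, userid)
# returns under AuthTktAuthenticationPolicy: a list of (name, value) header
# tuples. The ticket value (digest + timestamp + userid + "!") is made up.
SAMPLE_TICKET = "0123456789abcdef0123456789abcdef5f3c1a2balice!"
SAMPLE_REMEMBER_HEADERS = [
    ("Set-Cookie", f'auth_tkt="{SAMPLE_TICKET}"; Path=/; HttpOnly'),
    ("Set-Cookie", f'auth_tkt="{SAMPLE_TICKET}"; Domain=example.com; Path=/; HttpOnly'),
]
# Constructed sample of a logout-style header: empty value, immediate expiry.
SAMPLE_FORGET_HEADERS = [("Set-Cookie", 'auth_tkt=""; Max-Age=0; Path=/')]


def ticket_from_headers(headers, cookie_name="auth_tkt"):
    """Return the ticket string carried by the Set-Cookie headers, or None."""
    for name, value in headers:
        if name.lower() != "set-cookie":
            continue
        jar = SimpleCookie()
        jar.load(value)
        morsel = jar.get(cookie_name)
        # Skip empty values: those clear the cookie rather than set a ticket.
        if morsel is not None and morsel.value:
            return morsel.value
    return None


def login_body(headers, cookie_name="auth_tkt"):
    """JSON-serialisable body for a login view (hypothetical field name)."""
    ticket = ticket_from_headers(headers, cookie_name)
    if ticket is None:
        raise ValueError("no ticket in headers")
    return {"auth_tkt": ticket}


def cookie_header_for(ticket, cookie_name="auth_tkt"):
    """Header the mobile client sends on later requests."""
    # Reject separators and line breaks so the value cannot split the header.
    if any(c in ticket for c in ' ;,"\r\n'):
        raise ValueError("ticket contains characters unsafe in a Cookie header")
    return ("Cookie", f"{cookie_name}={ticket}")
```

The ticket is a bearer credential for the account, so it should only be returned and replayed over HTTPS.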
