Skip to content

qnts/jwt_provider

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

23 Commits

.vscode

.vscode

 
 

controllers

controllers

 
 

models

models

 
 

security

security

 
 

static

static

 
 

views

views

 
 

.gitignore

.gitignore

 
 

README.md

README.md

 
 

__init__.py

__init__.py

 
 

__manifest__.py

__manifest__.py

 
 

jwt_http.py

jwt_http.py

 
 

util.py

util.py

 
 

validator.py

validator.py

 
 

Repository files navigation

jwt_provider

⚠️ Looking for odoo 14 module?

Meet jwt_provider2 which is a completely rework, only for Odoo 14 (and above, maybe).

Description

This module is meant for developers, building endpoints for web and mobile app.

Currently supports odoo 11.0 12.0 and 13.0.

Attention: There is a break change in 13.0, see the Installation section.

Prerequisites

This module require pyjwt and simplejson to be installed. Run:

pip3 install pyjwt
pip3 install simplejson

If you run odoo in docker, remember to login to bash in docker container and run the above command.

Installation

Download or clone this repo and move it to odoo addons dir. Install it via odoo just like a normal module.

Version 13: now will get secret key from os ENV, using os.environ.get('ODOO_JWT_KEY').

  • If you're running odoo locally (or inside a docker container), run EXPORT ODOO_JWT_KEY="your_key".

  • If using docker compose, add ODOO_JWT_KEY=your_key in environment section of yml file.

Developer

Developers might need to verify jwt token inside private endpoints:

http_method, body, headers, token = jwt_http.parse_request()
result = validator.verify_token(token)
if not result['status']:
    return jwt_http.errcode(code=result['code'], message=result['message'])

To Do

  • Add an interface to store secret key (instead of hard-coding the key) and ability to pick a hashing algorithm (currently we use HMACSHA256).

Endpoints

For private endpoints, include your jwt token in the header like this:

Authorization: Bearer your_token
  1. Login
POST /api/login

Request payload:

email=user@odoo.com&
password=password

Response:

400: Incorect login

200: OK

{
  "data": {
      "user": {
          "id": 8,
          "login": "user@odoo.com",
          "company_id": [
              1,
              "My Company"
          ],
          "name": "John"
      },
      "token": "generated_token"
  },
  "success": true,
  "message": null
}
  1. Register
POST api/register

Require: Free signup setting is ON (as well as enabled auth_signup).

On success, response an access token as well.

Request payload:

email=user@odoo.com&
password=password&
name=Your%sName

Response:

400: User input invalid, message might be one of:

Invalid email address
Name cannot be empty
Password cannot be empty
Email address already existed

501: Signup is disabled

200: OK

{
  "data": {
      "user": {
          "id": 8,
          "login": "user@odoo.com",
          "company_id": [
              1,
              "My Company"
          ],
          "name": "John"
      },
      "token": "generated_token"
  },
  "success": true,
  "message": null
}
  1. My profile
ANY /api/me

Response:

498: Token invalid or expired

200: OK, return user object

{
  "data": null,
  "success": {
      "company_id": [
          1,
          "My Company"
      ],
      "avatar": "http://yourwebsite.com/web/avatar/8",
      "name": "Join",
      "id": 8,
      "email": "user@odoo.com"
  },
  "message": null
}
  1. Logout
ANY /api/logout

Response:

498: Token invalid or expired

200: OK, log the user out

About

A simple jwt provider for Odoo 11, 12 and 13

Resources

Readme
Activity

Stars

24 stars

Watchers

5 watching

Forks

15 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages