JWT tokens inside Cookies

[phrfpeixoto]

These changes adds support for using JWT token on HttpOnly cookies.

Key benefits are:

• Cookies are usually dealt with automatically by browsers.
• Allow sliding sessions
• Still stateless: does not use server-side sessions

[phrfpeixoto]

Thanks for the comments. I'll assess this again as soon as I can find some time.

[phrfpeixoto]

@wichert I found some time to dedicate to this, but it seems your current master branch is failing tests.

[phrfpeixoto]

@wichert I have rebased this branch to the current master and augmented tests. Coverage looks good to me at this time. Please review my last comments and let me know if you need any changes.

Please note that there's always the option that we bake the whole cookie support within the original JWTAuthenticationPolicy class instead of coding a new policy like I did. Let me know if you find that a better solution.

[wichert]

This looks very good! Can you please also add an example to the README?

[dragonnn]

Hi, what is the progress? I am starting with a new site using pyramid and would love to use tokens inside Cookies.

[phrfpeixoto]

Hi!
I'm sorry I haven't found the time to push the code. It's ready and just needs a bit of cleanup.
I'll do it this weekend.

[dragonnn]

Great! Pleas provide also some examples, I installed it manually and now trying to figure out how it is working.

[phrfpeixoto]

@wichert @dragonnn Updated the PR with some fixes and documentation. Could you please review it again?

Again: Please note that there's always the option that we bake the whole cookie support within the original JWTAuthenticationPolicy class instead of coding a new policy as I've done. Let me know if you find that a better solution.

[wichert]

@phrfpeixoto This looks great! I’ve merged the pull request and will look at making a release soon.

[phrfpeixoto]

Nice!

[dragonnn]

I can confirm it works fine :), can you bump the version/create a release so pip catches it?