Using Json Web Tokens with Flask-Oauthlib

Question

For a client project I am developing a web app that is using Flask for the backend.

So I decided to use Flask-oauthlib in a attempt to make supplying refresh tokens, and revoking access tokens simple. However, there is something I am still having a hard time wrapping my head around.

When writing the oauth server, how can I have it generate and serve JSON Web Tokens over using the default access/refresh tokens?

Another thing I would also like to know is how would I go about validating JSON Web Tokens from http requests?

Any advice is appreciated.

Do you think I would have posted an answer if I already did? smh — TechEmperor95, Apr 17 '18 at 10:02

score 5 · Accepted Answer · answered May 08 '18 at 05:23

I'm the author of Flask-OAuthlib. It is hard to implement such thing with this library. I have created a new library which is Authlib. With this library, it would be quite easy to create an OAuth server as you described.

Authlib itself has JWT included. First, learn how to create JWT and validate JWT on https://docs.authlib.org/en/latest/specs/rfc7519.html

For generating access token and refresh token, you can configure it with

OAUTH2_ACCESS_TOKEN_GENERATOR and OAUTH2_REFRESH_TOKEN_GENERATOR as described on https://docs.authlib.org/en/latest/flask/oauth2.html#define-server

Using Json Web Tokens with Flask-Oauthlib

1 Answers1