3

I am developing an API using flask-restful. I want to make sure that when a user is logged in, he cannot log in again unless he is first logged out. I am using flask-jwt-extended and am wondering whether there is a way to check whether the user is already logged in before trying to log him in.

Meshack Mbuvi
  • Cookies are one of the options to consider to keep a session. On the server side, when a user logs in, it should create a unique token for that user and keep the session open until the user is logged out, either by session inactivity or by user action. The already logged-in user should have a token, so if the token is null in the cookie, then the user is logged off; if there is a logged-in user, it should return the token. One good option is Firebase. It will save you tons of time so you can focus on other dev. If you want a persistent one-user login at a time, then you can write code to check isloggedin() – Michael Seltene Apr 08 '18 at 11:56

4 Answers

4

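You can try the jwt_optional decorator, but it will raise an error if the token is expired or invalid:

from flask_jwt_extended import jwt_optional, get_jwt_identity

@app.route('/hello')
@jwt_optional
def hello():
    # None when the request carries no JWT
    user = get_jwt_identity()
    return {'logged_in_as': user}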

Or just check if the token is valid and return the user. The user will be None in case of an invalid token:

from flask_jwt_extended import get_jwt_identity, verify_jwt_in_request_optional

def get_identity_if_logedin():
    try:
        verify_jwt_in_request_optional()
        return get_jwt_identity()
    except Exception:
        # expired or invalid token: treat as not logged in
        return None

@app.route('/hello')
def hello():
    user = get_identity_if_logedin()
    # check if user is logged in
    if user:
        # user var here has jwt_identity
        return {'logged_in_as': user}
    return {'logged_in_as': None}
Ivan Bryzzhin
0

One option might be to use the jwt_optional decorator on your base route and return a redirect to the login page if the user is not logged in: http://flask-jwt-extended.readthedocs.io/en/latest/optional_endpoints.html

If the backend is just an API, a better option may be to look for the access token in your frontend (in local storage or wherever you have it saved) and put the logic of if you should be shown the login page or not there.

vimalloc
0

In a protected endpoint, this will return the identity of the JWT that is accessing this endpoint. If no JWT is present, None is returned instead.

Please see API reference:

from flask_jwt_extended import jwt_required, jwt_optional, get_jwt_identity

# inside a view decorated with @jwt_required or @jwt_optional
if get_jwt_identity():
    pass

archienorman
0

If you want to replicate "if current_user is auth" from flask_login, you can create a custom decorator.

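from functools import wraps
from flask import current_app, redirect, url_for
from flask_jwt_extended import get_jwt_identity, verify_jwt_in_request

def jwt_login_required():
    def wrapper(fn):
        @wraps(fn)
        def decorator(*args, **kwargs):
            # optional=True: a request without a JWT does not raise
            verify_jwt_in_request(optional=True)
            if get_jwt_identity():
                return current_app.ensure_sync(fn)(*args, **kwargs)
            # no identity: send the user to the login view
            return redirect(url_for('login'))
        return decorator
    return wrapper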

and then you can use it in your app

@app.route("/hello")
@jwt_login_required()
def hello():
    return render_template('/hello.html')
user58937