
I already tried reading the documents as well as trying out the changing default behaviors page https://flask-jwt-extended.readthedocs.io/en/latest/changing_default_behavior.html to handle the error (the link shows how to handle an expired token), and searched around on Google with every keyword combination I could do, but it seems no one has an example of this.

I tried using @jwt.revoked_token_loader to handle the RevokedTokenError but it seems it doesn't work as I applied it like this:

    from flask import jsonify

    @jwt.revoked_token_loader
    def revoked_token_response(revoked_token):
        # Build the custom JSON body for a revoked token
        jwtkn = revoked_token['jti']
        return jsonify({
            'msg': 'token {} already been revoked!'.format(jwtkn)
        }), 401

Actually, I don't know exactly how the example on the link for handling expired tokens has a parameter of 'expired_token'. Is that a self-declaration like what I did above with 'revoked_token'? As far as I know, 'jti' is like a default value in the flask-jwt-extended package, as I see an error whenever I don't use it (in my db it is different, but there is no problem at all).

I tried following this tutorial and it works fine on my side (as does his original source code), but I see that this one also doesn't catch the exception for revoked tokens: https://codeburst.io/jwt-authorization-in-flask-c63c1acf4eeb

I use Postman and, based on the tutorial link, here's how I get this:

1. I do login
2. I use the access token generated to access protected routes ('/secrets')
3. I do logout
4. I use the access token generated again to access protected routes

After the last one, I get this error on my server side (IDE):

    ....flask_jwt_extended\utils.py", line 216, in verify_token_not_blacklisted
        raise RevokedTokenError('Token has been revoked')
    flask_jwt_extended.exceptions.RevokedTokenError: Token has been revoked
    127.0.0.1 -- [02/Jul/2019 22:25:26] "GET /secrets HTTP/1.1" 500 -

In Postman, this is what I get:

    {
        'message': 'Internal Server Error'
    }

My target is to send out a custom JSON response instead of 'Internal Server Error'.

Edit: I am no wiz at programming, just a beginner who wanted to practice Python for secure web development. I don't quite understand yet how decorators work in terms of application, etc., so I don't know if others tweak the flask-jwt-extended package to make such things work.

Mheruian

1 Answer


Getting back a 500 error normally occurs because of a bug in other Flask extensions and how they interact with native Flask error handlers. You can find a bunch of discussions about it here (https://github.com/vimalloc/flask-jwt-extended/issues/86), but the tl;dr version is you might need to set app.config['PROPAGATE_EXCEPTIONS'] = True if using something like Flask-RESTful, or use a hack like this if using flask-restplus:

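    from flask_jwt_extended import JWTManager
    from flask_restplus import Api

    jwt = JWTManager(app)  # app is the existing Flask application
    api = Api()
    jwt._set_error_handler_callbacks(api)  # register the JWT error handlers on the restplus Api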

If those don't help you, please take a look through that linked github issue, and if nothing in there helps make a reply in that issue detailing your setup.

Cheers.

vimalloc
  • Whoa?! This is so awesome! I didn't really expect you'd look into it! Hahaha! Thank you so much for the reply. Yup! I did use Flask-RESTful and the 'app.config['PROPAGATE_EXCEPTION'] = True' definitely works for me. Thanks again, I didn't know the package had conflict issues with other packages to begin with, so I hadn't looked into it. Thanks for the good sleep :) – Mheruian Jul 02 '19 at 16:02
  • Absolutely, I'm glad that helped! :) It's silly that something that's part of core Flask breaks in flask-restful or flask-restplus, but alas there isn't much I can do about that from my extension. There are some GitHub issues on those projects describing the error, so hopefully they will eventually fix their stuff up and it will be a more seamless experience. – vimalloc Jul 02 '19 at 16:09