
I can't seem to find a way to set the JWT token as a header in each HTTP request without the help of JavaScript.

Currently I have my application set up to use the methods 'set_access_cookies' and 'unset_access_cookies' to keep track of the session. However, just unsetting the cookie does not invalidate the cookie. Therefore, I would like to use JWT in the header so that I can use the blacklist.add() method, as blacklist.add() appears to not be able to look at cookies from my testing.

My Login function:

from flask import request, jsonify, make_response, render_template
from flask_jwt_extended import (create_access_token, create_refresh_token,
                                set_access_cookies)

# app, mongo, flask_bcrypt and validate_user are application-level objects
# defined elsewhere in the project.

@app.route('/v1/login', methods=['POST', 'GET'])
def auth_user():
    ''' auth endpoint '''
    if request.method == 'POST':
        data = validate_user(request.get_json())
        if data['ok']:
            data = data['data']
            user = mongo.db.users.find_one({'email': data['email']}, {"_id": 0})

            if user and flask_bcrypt.check_password_hash(user['password'], data['password']):
                access_token = create_access_token(identity=data)
                # created here but not sent to the client in this version
                refresh_token = create_refresh_token(identity=data)

                # the access token travels in a cookie, not in a header
                resp = make_response(render_template('index.html'), 302)
                set_access_cookies(resp, access_token)
                return resp

            else:
                return jsonify({'ok': False, 'message': 'invalid username or password'}), 200
        else:
            return jsonify({'ok': False, 'message': 'invalid username or password'}), 200
    elif request.method == 'GET':
        return render_template('/api/v1/login.html')

My Logout function:

from flask import jsonify
from flask_jwt_extended import unset_jwt_cookies

@app.route('/v1/logout', methods=['POST'])
def logout():
    ''' logout user endpoint '''

    resp = jsonify({'logout': True})
    # clears the cookies in the browser; the token itself stays valid until it expires
    unset_jwt_cookies(resp)
    return resp, 200

This works fine, but is there an easy way to place the JWT as a persistent header instead?

  • The blacklist functionality in flask-jwt-extended doesn’t care if the token comes from a header or cookie: https://flask-jwt-extended.readthedocs.io/en/latest/blacklist_and_token_revoking.html – vimalloc Jul 18 '19 at 04:40
  • Yes, thank you. I forgot to set 'JWT_COOKIE_CSRF_PROTECT' in my config so my POST request to logout was returning Unauthorized before it could be blacklisted. – BlackAperture Jul 18 '19 at 13:31

1 Answer


I forgot to set 'JWT_COOKIE_CSRF_PROTECT' in my config so my POST request to logout was returning Unauthorized before it could be blacklisted.

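The two points made in the comments and the answer (revocation by jti does not care whether the token arrived in a header or a cookie, and with JWT_COOKIE_CSRF_PROTECT on, a cookie-borne POST is rejected by the CSRF double-submit check before the revocation code ever runs) can be seen in a self-contained model. This is an added example, not code from the question or from flask-jwt-extended: it builds its own minimal HS256 JWT with the standard library, and the cookie and header names, the status codes and the order of checks are assumptions modeled on the extension's documented defaults.

```python
import base64, hashlib, hmac, json, secrets

SECRET = b"constructed-demo-secret"  # constructed for the demo, never a real key
revoked_jtis = set()                 # the set the question's blacklist.add() fills

def _b64(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def make_jwt(identity):
    # Minimal HS256 JWT with a unique jti, so revocation can target one token.
    header = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64(json.dumps({"sub": identity, "jti": secrets.token_hex(8)}).encode())
    sig = hmac.new(SECRET, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64(sig)}"

def decode_jwt(token):
    header, payload, sig = token.split(".")
    expected = hmac.new(SECRET, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(_b64(expected), sig):
        raise ValueError("bad signature")
    return json.loads(base64.urlsafe_b64decode(payload + "=" * (-len(payload) % 4)))

def authenticate(method, headers, cookies, csrf_protect=True):
    """(status, claims); checks run in the assumed order: locate, verify, CSRF, revocation."""
    auth, from_cookie = headers.get("Authorization", ""), False
    if auth.startswith("Bearer "):
        token = auth[len("Bearer "):]
    elif "access_token_cookie" in cookies:
        token, from_cookie = cookies["access_token_cookie"], True
    else:
        return 401, None
    try:
        claims = decode_jwt(token)
    except ValueError:
        return 422, None
    # JWT_COOKIE_CSRF_PROTECT=True: a cookie-borne token on a state-changing request needs an
    # X-CSRF-TOKEN header equal to the csrf_access_token cookie (double submit), else 401.
    if from_cookie and csrf_protect and method in ("POST", "PUT", "PATCH", "DELETE"):
        if not hmac.compare_digest(headers.get("X-CSRF-TOKEN", ""),
                                   cookies.get("csrf_access_token", "")):
            return 401, None
    if claims["jti"] in revoked_jtis:  # revocation is location-independent
        return 401, None
    return 200, claims

def logout(method, headers, cookies, csrf_protect=True):
    status, claims = authenticate(method, headers, cookies, csrf_protect)
    if status == 200:
        revoked_jtis.add(claims["jti"])
    return status
```

A bare POST /logout with only the cookie jar returns 401 and leaves the token usable, which is exactly the symptom in the question; the same request with the matching X-CSRF-TOKEN header revokes it.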