
I've been trying to share a JWT access token across multiple Flask applications, but with no luck. Could anyone kindly advise me how to solve the problem?

I have three flask applications:

  1. localhost:5000
  2. localhost:5001
  3. localhost:5002

I use nginx reverse proxy for forwarding traffic to the backend apis based on the frontend requests. For instance:

  1. auth.example.com to localhost:5000
  2. service1.example.com to localhost:5001
  3. service2.example.com to localhost:5002

The three Flask applications use jwt-extended with the same configuration. SECRET_KEY and JWT_SECRET_KEY of the three applications are pretty much the same.

When I log in to auth.example.com, I receive the access token. However, I cannot use the token to make requests to service1.example.com.

I receive a 422 error with the following response body:

```
{
    "errors": "Missing claim: identity"
}
```

The access token can only be used with auth.example.com.

Kimsea Sok
  • *"are pretty much the same."* What does that mean? Are they the same or not? – Klaus D. Oct 20 '21 at 10:15
  • What does your code look like? What does the JWT look like? How did you configure the identity claim? – Mandraenke Oct 20 '21 at 10:18
  • Did you even put the identity into the created token at all, e.g.: `jwt_token = create_access_token(identity=username)`? – Mandraenke Oct 20 '21 at 10:22
  • https://flask-jwt-extended.readthedocs.io/en/stable/basic_usage/ - these examples work, even when using two running instances. – Mandraenke Oct 20 '21 at 10:30
  • @KlausD. yes, of course. they're all the same. – Kimsea Sok Oct 20 '21 at 14:21
  • @Mandraenke here is how I create the token: `access_token = create_access_token(current_user["id"], additional_claims=current_user)` – Kimsea Sok Oct 20 '21 at 14:24
  • Paste your generated JWT in a tool like the debugger of https://jwt.io/ - the claim `identity` will be missing, I bet – Mandraenke Oct 20 '21 at 15:01
  • @Mandraenke, I can use the get_jwt_identity() function in auth.example.com, and here is how it looks on jwt.io: https://prnt.sc/1wx2aic . Any idea? – Kimsea Sok Oct 21 '21 at 04:26
  • Your token does not contain `identity` as such. There is `jti` - look for `app.config['JWT_IDENTITY_CLAIM'] = 'jti'` maybe that fixes it. – Mandraenke Oct 21 '21 at 05:17
  • @Mandraenke, the JWT_IDENTITY_CLAIM is set to "sub", but let me make sure the three applications have the same claim setting. – Kimsea Sok Oct 21 '21 at 06:19
  • Maybe create an extra API to transfer the access token between the apps? – Rigon Oct 20 '21 at 21:20

0 Answers
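Added example, not part of the original thread: a standard-library check that reproduces what each app would decide about one token, given that app's `JWT_SECRET_KEY` and `JWT_IDENTITY_CLAIM`. The token, the secret values and the per-app settings are constructed for illustration, and HS256 signing is assumed.

```python
import base64, hashlib, hmac, json

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64url(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def make_hs256(claims: dict, secret: str) -> str:
    """Build a constructed HS256 token (stands in for the auth app)."""
    head = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64url(json.dumps(claims).encode())
    sig = hmac.new(secret.encode(), f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{_b64url(sig)}"

def diagnose(token: str, secret: str, identity_claim: str) -> list:
    """Return the reasons one app would reject the token (empty list = accepted)."""
    try:
        head, body, sig = token.split(".")
        header, claims = json.loads(_unb64url(head)), json.loads(_unb64url(body))
        given = _unb64url(sig)
    except (ValueError, TypeError):
        return ["malformed token"]
    if not (isinstance(header, dict) and isinstance(claims, dict)):
        return ["malformed token"]
    if header.get("alg") != "HS256":
        return [f"unexpected alg: {header.get('alg')}"]
    problems = []
    expected = hmac.new(secret.encode(), f"{head}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, given):
        problems.append("signature mismatch: JWT_SECRET_KEY differs")
    if identity_claim not in claims:
        problems.append(f"Missing claim: {identity_claim} (token has: {sorted(claims)})")
    return problems

# Constructed token whose identity is stored under "sub".
TOKEN = make_hs256({"sub": 7, "jti": "constructed-jti", "type": "access", "fresh": False},
                   "shared-secret")

# Hypothetical per-app settings; substitute the values each app really loads.
SERVICES = {
    "auth":     {"JWT_SECRET_KEY": "shared-secret",  "JWT_IDENTITY_CLAIM": "sub"},
    "service1": {"JWT_SECRET_KEY": "shared-secret",  "JWT_IDENTITY_CLAIM": "identity"},
    "service2": {"JWT_SECRET_KEY": "shared-secret ", "JWT_IDENTITY_CLAIM": "sub"},  # trailing space
}

def report(token: str = TOKEN) -> dict:
    return {name: diagnose(token, cfg["JWT_SECRET_KEY"], cfg["JWT_IDENTITY_CLAIM"])
            for name, cfg in SERVICES.items()}

if __name__ == "__main__":
    for name, problems in report().items():
        print(name, "OK" if not problems else problems)
```

Running the same function with each app's effective settings shows whether a rejection comes from the key or from the name of the identity claim, which are two separate settings that "the same configuration" has to cover.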