Flask-JWT-Extended is an opinionated Flask extension that adds support for using JSON Web Tokens (JWT) to protect views. It also many helpful (and optional) features built in to make working with JSON Web Tokens easier.
Questions tagged [flask-jwt-extended]
143 questions
4
votes
3 answers
How to fake JWT Authorization outside of request context and get current identity?
I'm creating a Flask app with JWT Authorization and trying to test services with PyTest.
I successfully added tests to endpoints, but when I trying to add unit tests for certain function I can't access current user, because…
ShaVas
- 41
- 5
4
votes
1 answer
How to store jwt token in redis in flask-jwt-extended?
I want to know how flask-jwt-extended works with autoscaling environment and is there any way to store token in centralized server (redis) and access over all autoscaling instances.
Gitesh Shinde
- 68
- 5
3
votes
0 answers
Flask + Vue -- Cookie authentification refresh token not working?
I am creating a web app with Flask and Vue.js...
I got everything working so far but when the access token expires, the refresh process doesn't work.
Cookies seem to be set in browser correctly:
Here is the important flask configuration:
... …
TheSaltyOne
- 51
- 7
3
votes
1 answer
AttributeError: 'JWTManager' object has no attribute 'token_in_blacklist_loader'
I'm getting this weird error when adding the flask-jwt-extended decorator token_in_blacklist_loader in to my code. here is the error:
Traceback (most recent call last):
File "home/app.py", line 42, in
…
Ericgit
- 6,089
- 2
- 42
- 53
3
votes
2 answers
flask-jwt-extended: decorator @jwt.token_in_blacklist_loader always revoked token
in my app.py I initialized flask-jwt-extended as follow:
# Setup the Flask-JWT-Extended extension
app.config['RESTPLUS_MASK_SWAGGER'] = False # remove default X-Fields field in swagger
app.config['JWT_SECRET_KEY'] = 'super-secret' # Change…
Gerry
- 101
- 1
- 7
3
votes
2 answers
Api with flask-jwt-extended with authentication problems?
I have built an api with flask-restful and flask-jwt-extended and have correctly configured the validation passages for token expiration and invalidation. However, even though it has built the token expiration and invalid validation callbacks, api…
vic.py
- 409
- 10
- 22
3
votes
1 answer
How should I handle exceptions raised in @jwt_required decorator? (in flask-jwt-extended)
I have a function with @jwt_required decorator.
class Test(Resource):
@jwt_required
def get(self):
return {"test": "ok" }
Which works fine when the correct HTTP header is set, i.e.
Authentication: Bearer [TOKEN]
but when the token…
user1005265
- 83
- 1
- 4
3
votes
2 answers
getting NoAuthorization Header Missing Exception while using flask-jwt-extended
When I try this example and if the jet token is not provided by header I get error:
{
"msg": "Missing cookie \"access_token_cookie\""
}
example:
from flask import Flask, jsonify, request
from flask_jwt_extended import (
JWTManager,…
Ciasto piekarz
- 7,853
- 18
- 101
- 197
3
votes
1 answer
What's the most secure way to store a jwt and still be able to access it from javascript?
I'm working with Flask and restful API to handle my user management calls.
Example scenario:
Let's say I'm using JWTs to secure my reset password end-point.
I experimented with a less secure method, for now, where I grab the token as a part of the…
Priya Sreetharan
- 57
- 1
- 9
3
votes
4 answers
How do you check whether user is logged using flask-jwt-extended before logging him in.?
I am developing an API using flask-restful. I want to make sure that when a user is logged in, he cannot log in again unless he is first logged out. I am using flask-jwt-extended and am wondering whether there is a way to check where user is already…
Meshack Mbuvi
- 401
- 4
- 16
3
votes
0 answers
Using double submitted CSRF tokens (header + cookie) in HTML forms?
I'm using a combination of flask-jwt-extended for JWT authentication, and I've enabled CSRF protection, meaning for certain HTTP methods (PUT, POST, DELETE...), it is required that the value in the cookie and the HTTP header match.
This works fine…
Tomáš M.
- 752
- 7
- 24
3
votes
2 answers
flask-jwt-extended: customizing error message
When the flask-jwt-extended token has expired, a HTTP request will result in this JSON response
{
"msg": "Token has expired"
}
My application has a fixed error response format:
{
"message": "Project name 'Test 8' already exist.",
"error":…
Hanxue
- 12,243
- 18
- 88
- 130
2
votes
1 answer
DeprecationWarning: '_reque st_ctx_stack' is deprecated and will be removed in Flask 2.3
I am running pytest in flask and getting following deprecation warning:
the application is pretty simple using flask_jwt_extended for authentication.
\venv\lib\site-packages\flask_jwt_extended\view_decorators.py:11: DeprecationWarning:…
JayantSeth
- 348
- 1
- 12
2
votes
1 answer
How to provide authorization header from flask api to vueJS
I am working on a login page which uses JWT for authorization. The authorization is working fine in the backend. But when I try to authorize the page using axios from VueJS, I am getting an error saying Missing authorization header. I wanna know how…
MAHEEDHAR A
- 51
- 6
2
votes
1 answer
flask jwt extended protect only specified request methods
I have several general purpose routes in my API:
...
/api/general/user_types
/api/general/dlc_types
...
I want to have the GET method opened for all users without JWT token, but the POST, PUT and DELETE methods only accessible when the JWT token is…
Dimitar
- 1,148
- 8
- 29