Questions tagged [flask-jwt-extended]

Flask-JWT-Extended is an opinionated Flask extension that adds support for using JSON Web Tokens (JWT) to protect views. It also has many helpful (and optional) features built in to make working with JSON Web Tokens easier.

143 questions
0 votes, 0 answers

How to share JWT Access Token between multiple Flask apps?

I've been trying to share JWT access token with multiple Flask applications, but there is no luck. Anyone please kindly advise me how to solve the problem? I have three flask applications: localhost:5000 localhost:5001 localhost:5002 I use nginx…
Kimsea Sok
0 votes, 1 answer

How to use jwt authorization with python's library requests?

I'm developing a Flask RESTful API with the flask_jwt_extended library as an extension for authorization. Now, I have two usual resources for registering a user and for login, which work perfectly. With the login resource a user can give their email and…
Á. Garzón
0 votes, 2 answers

Flask, flask-jwt-extended - trying to custom handle Unauthorized error

I am building a flask webapp and I am trying to return custom error message in case of 401 error which is raised when auth header is missing. For Authentication I use Flask-Jwt-Extended. I want to overwrite expired_token_loader(callback) to return…
jestrabikr
0 votes, 1 answer

How to redirect if jwt is not presented in the request using Flask-jwt-extended

Is there a built-in way to redirect to login page if user comes without JWT or wrong JWT is used?

    @api.route('/private', methods=['GET'])
    @jwt_required()
    def protected():
        logged = get_jwt_identity()
        return jsonify(logged_in=logged), 200

Alexey Nikonov
0 votes, 1 answer

throwing error for flask jwt extended refresh token

I am trying to implement refresh token system in flask_jwt_extended, I followed official documentation. When I try to get new access_token with refresh_token using postman I get the response with new access token. But when I try with axios call it…
venkat g
0 votes, 1 answer

Flask-JWT-Extended set cookies with double submit cookie method, prevent HTTP-only cookie

I'm using Flask-JWT-Extended and double submit cookie method from there for my Flask backend and React Frontend. So when user logs in from frontend, backend sets total of 4 different cookies: csrf_access_token, csrf_refresh_token,…
Jessi
0 votes, 1 answer

Flask app doesn't register jwt.user_lookup_loader, Flask-JWT-Extended

I have a Flask app with blueprints. It worked just fine, but then I decided to use flask_jwt_extended to handle tokens. It is said in docs that I can decorate method with jwt.user_lookup_loader to have current_user working. But for some reason…
Michail Highkhan
0 votes, 1 answer

Setting Refresh Token Signing Key to User's Hashed Password Using Flask_jwt_extended

I am new to Flask. I was trying to set the refresh token's signing key as the user's hashed password. I only want the refresh token's signing key to contain the user's hashed password and not the access token. I went through the flask_jwt_extended docs…
Aditya Kurkure
0 votes, 1 answer

flask_jwt_extended not checking for X-CSRF-TOKEN in header

I have the following request being sent in React Native:

    const getData = async (cookie) => {
        const resp = await fetch('/some_info');
        const data = await resp.json();
        console.log(data)
    }

as you can see I purposefully did not add the…
39fredy
0 votes, 1 answer

Adding JWT to cookie at login using flask security

Description: I'm trying to set the jwt token at login using flask_jwt_extended.set_access_cookies and flask_jwt_extended.set_refresh_cookies but the issue is that I cannot set this at the /login endpoint because that is auto created by…
39fredy
0 votes, 1 answer

Flask-JWT-Ext get_current_user(), get_jwt_identity() returns None despite having tokens

Thanks for taking a look. I am trying to implement Flask-JWT-Ext. I have redis blacklist implemented in order to revoke my tokens. I am trying to use get_current_user(), get_jwt_identity() etc but it is returning None, despite passing in the access…
anongal
0 votes, 1 answer

Checking for JWT ALG

I'm using flask-jwt-extended library for my authentication, everything works but I want to check if someone sent a manipulated JWT token with ALG = none, since that's a known vulnerable point that's used to deceive the server. I looked into the…
Hi There
0 votes, 1 answer

How to choose which decorator to apply based on condition?

Can decorators be applied based on condition? Below is a trivial example:

    import os
    def bold_decorator(fn):
        def wrapper(*args, **kwargs):
            return '**' + fn(*args, **kwargs) + '**'
        return wrapper
    def italic_decorator(fn):
        def…
0 votes, 1 answer

How to set the 'iss' claim of JWT using Flask-JWT-Extended's create_access_token()

Is there a way to set the iss claim of the JWT that is generated by create_access_token of Flask-JWT-Extended? I tried to put the iss claim under the parameter 'user_claims' of the create_access_token: access_token = create_access_token( …
Paul
0 votes, 3 answers

How can I make sure a JWT doesn't expire on the user

So I'm able to create a JWT on login using flask-jwt-extended. I set the expiration to 5 minutes. So I have routes in my VueJS app and when they are called (beforeeach) I make a call to "/api/check" to make sure that the token is valid. All other API…
BostonMacOSX