Token blacklist flask extension
🔥Flask_Blacklist🔥
What
It's a Flask extension designed to work with flask_sqlalchemy and flask_praetorian to blacklist tokens!
It stores the jti value of each blacklisted JWT in an in-memory store, allowing blacklist checks without database calls. When a token is blacklisted, its jti is also persisted to the database.
Why
- Emulate a redis store without actually using redis! 👍
- This is almost certainly slower than redis (It's python, after all).
- Why not, it's an excuse to get to know flask and associated libraries a little bit better. 👍
How
You are using a virtualenv, right?
```bash
pip install flask-blacklist
```
Then in your app factory function, initialize Blacklist after you've initialized your ORM.
```python
# In global scope
from flask import Flask
from flask_sqlalchemy import SQLAlchemy
from flask_praetorian import Praetorian
from flask_blacklist import Blacklist, is_blacklisted

db = SQLAlchemy()
guard = Praetorian()
bl = Blacklist()


# In the app factory function
def create_app():
    app = Flask(__name__)
    db.init_app(app)
    from app.models import Token, User

    bl.init_app(app, Token)  # Initialize after your ORM
    # is_blacklisted is a helper function that Praetorian uses to determine
    # if a token has been blacklisted
    guard.init_app(app, User, is_blacklisted)
    return app
```
The Token database model needs to have two different class methods:
- Token.blacklist_jti
  - Takes a single parameter, which is the jti string extracted from a JWT
  - This method will persist the blacklisted jti string to your database.
- Token.get_blacklisted
  - Should return a list of already blacklisted tokens from the database
  - The tokens returned should have a jti attribute containing the string extracted from the token you want to blacklist
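Then, in the route that needs to invalidate the token:
```python
from flask import jsonify
from flask_praetorian import auth_required


# auth_blueprint, guard and bl are defined elsewhere in the app
@auth_blueprint.route("/v1/auth/token", methods=["DELETE"])
@auth_required
def invalidate_token():
    # Read the caller's JWT and pull out its unique identifier (jti)
    token = guard.read_token_from_header()
    jti = guard.extract_jwt_token(token)["jti"]
    # Add the jti to the in-memory store and persist it to the database
    bl.blacklist_jti(jti)
    rv, code = {"success": True, "message": "token invalidated"}, 200
    return jsonify(rv), code
```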
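A self-contained sketch of the contract described above, added here and not taken from flask_blacklist's source: a `Token` stand-in with the two required class methods (backed by the standard-library `sqlite3` instead of flask_sqlalchemy) and a hypothetical `WriteThroughBlacklist` that answers checks from memory and persists each revocation. It assumes one in-memory set per process, so `demo()` also shows that a second worker holding its own set does not see a revocation until it reloads from the database.

```python
import sqlite3

class Token:
    """Stand-in for the ORM model; sqlite3 replaces flask_sqlalchemy here."""
    conn = None  # set by the caller before use

    def __init__(self, jti):
        self.jti = jti

    @classmethod
    def blacklist_jti(cls, jti):
        # Persist the revoked jti; the primary key makes repeats harmless.
        with cls.conn:
            cls.conn.execute("INSERT OR IGNORE INTO token (jti) VALUES (?)", (jti,))

    @classmethod
    def get_blacklisted(cls):
        # Return objects exposing a .jti attribute, as the README requires.
        return [cls(row[0]) for row in cls.conn.execute("SELECT jti FROM token")]

class WriteThroughBlacklist:
    """Hypothetical sketch of the described store, not flask_blacklist's code."""

    def __init__(self, token_model):
        self.token_model = token_model
        self.reload()

    def reload(self):
        # One database read; later checks are answered from memory.
        self._jtis = {t.jti for t in self.token_model.get_blacklisted()}

    def blacklist_jti(self, jti):
        self.token_model.blacklist_jti(jti)  # database first, then memory
        self._jtis.add(jti)

    def is_blacklisted(self, jti):
        return jti in self._jtis

def demo():
    Token.conn = sqlite3.connect(":memory:")
    Token.conn.execute("CREATE TABLE token (jti TEXT PRIMARY KEY)")
    worker_a = WriteThroughBlacklist(Token)
    worker_b = WriteThroughBlacklist(Token)   # stands in for a second process
    jti = "constructed-jti-0001"              # constructed sample value
    worker_a.blacklist_jti(jti)
    stale = worker_b.is_blacklisted(jti)      # b's set predates the revocation
    worker_b.reload()
    restarted = WriteThroughBlacklist(Token)  # fresh process after a restart
    return (worker_a.is_blacklisted(jti), stale,
            worker_b.is_blacklisted(jti), restarted.is_blacklisted(jti))
```

If the extension keeps its set per process in the same way, a token revoked through one worker of a multi-worker server stays accepted by the others until they reload, so check how your deployment runs the app before relying on immediate revocation.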
Copyright 2019 Alexander Potts, MIT license.