Skip to main content

Token blacklist flask extension

Project description

🔥Flask_Blacklist🔥

What

It's a Flask extension designed to work with flask_sqlalchemy and flask_pratorian to blacklist tokens!

It stores blacklisted JWT's jti value in an in-memory store, allowing blacklist checks without database calls. However, when a token is blacklisted, it is also persisted to the database.

Why

  • Emulate a redis store without actually using redis! 👍
    • This is almost certainly slower than redis (It's python, after all).
  • Why not, it's an excuse to get to know flask and associated libraries a little bit better. 👍

How

You are using a virtualenv, right?

pip install flask-blacklist

Then in your app factory function, initialize Blacklist after you've initialized your ORM.

# In global scope
from flask_blacklist import Blacklist, is_blacklisted
db = SQLAlchemy()
guard = Praetorian()
bl = Blacklist()

# In the app factory function
app = Flask(__name__)
db.init_app(app)

from app.models import Token, User
bl.init_app(app, Token) # Initialize after your ORM

# is_blacklisted is a helper function that Praetorian uses to determine if a token has been blacklisted
guard.init_app(app, User, is_blacklisted)  

The Token database model needs to have two different class methods:

  • Token.blacklist_jti
    • Takes a single parameter, which is the jti string extracted from a JWT
    • This method calll persist the blacklisted jti string to your database.
  • Token.get_blacklisted
    • Should return a list of already blacklisted tokens from the database
    • The tokens returns should have a jti attribute containing string extracted from the token you want to blacklist

Then, in the route that needs to invalidate the token:

@auth_blueprint.route("/v1/auth/token", methods=["DELETE"])
@auth_required
def invalidate_token():
    token = guard.read_token_from_header()
    jti = guard.extract_jwt_token(token)["jti"]
    bl.blacklist_jti(jti)
    rv, code = {"success": True, "message": "token invalidated"}, 200
    return jsonify(rv), code

Copyright 2019 Alexander Potts, MIT license.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

flask_blacklist-0.0.1.tar.gz (4.1 kB view hashes)

Uploaded source

Built Distribution

flask_blacklist-0.0.1-py3-none-any.whl (8.1 kB view hashes)

Uploaded py3

Supported by

AWS AWS Cloud computing Datadog Datadog Monitoring Facebook / Instagram Facebook / Instagram PSF Sponsor Fastly Fastly CDN Google Google Object Storage and Download Analytics Huawei Huawei PSF Sponsor Microsoft Microsoft PSF Sponsor NVIDIA NVIDIA PSF Sponsor Pingdom Pingdom Monitoring Salesforce Salesforce PSF Sponsor Sentry Sentry Error logging StatusPage StatusPage Status page