Token blacklist flask extension

Navigation

Verified details

These details have been verified by PyPI
Maintainers
Avatar for jakks0 from gravatar.com jakks0

Unverified details

These details have not been verified by PyPI
Project links
GitHub Statistics

View statistics for this project via Libraries.io, or by using our public dataset on Google BigQuery

Meta

License: MIT License (MIT License)

Author: Alexander Potts

Classifiers

Project description

🔥Flask_Blacklist🔥

What

It's a Flask extension designed to work with flask_sqlalchemy and flask_pratorian to blacklist tokens!

It stores blacklisted JWT's jti value in an in-memory store, allowing blacklist checks without database calls. However, when a token is blacklisted, it is also persisted to the database.

Why

  • Emulate a redis store without actually using redis! 👍
    • This is almost certainly slower than redis (It's python, after all).
  • Why not, it's an excuse to get to know flask and associated libraries a little bit better. 👍

How

You are using a virtualenv, right?

pip install flask-blacklist

Then in your app factory function, initialize Blacklist after you've initialized your ORM.

# In global scope
from flask_blacklist import Blacklist, is_blacklisted
db = SQLAlchemy()
guard = Praetorian()
bl = Blacklist()

# In the app factory function
app = Flask(__name__)
db.init_app(app)

from app.models import Token, User
bl.init_app(app, Token) # Initialize after your ORM

# is_blacklisted is a helper function that Praetorian uses to determine if a token has been blacklisted
guard.init_app(app, User, is_blacklisted)

The Token database model needs to have two different class methods:

  • Token.blacklist_jti
    • Takes a single parameter, which is the jti string extracted from a JWT
    • This method calll persist the blacklisted jti string to your database.
  • Token.get_blacklisted
    • Should return a list of already blacklisted tokens from the database
    • The tokens returns should have a jti attribute containing string extracted from the token you want to blacklist

Then, in the route that needs to invalidate the token:

@auth_blueprint.route("/v1/auth/token", methods=["DELETE"])
@auth_required
def invalidate_token():
    token = guard.read_token_from_header()
    jti = guard.extract_jwt_token(token)["jti"]
    bl.blacklist_jti(jti)
    rv, code = {"success": True, "message": "token invalidated"}, 200
    return jsonify(rv), code

Copyright 2019 Alexander Potts, MIT license.

Project details

Verified details

These details have been verified by PyPI
Maintainers
Avatar for jakks0 from gravatar.com jakks0

Unverified details

These details have not been verified by PyPI
Project links
GitHub Statistics

View statistics for this project via Libraries.io, or by using our public dataset on Google BigQuery

Meta

License: MIT License (MIT License)

Author: Alexander Potts

Classifiers

Release history Release notifications | RSS feed

This version

0.0.1

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

flask_blacklist-0.0.1.tar.gz (4.1 kB view hashes)

Uploaded Source

Built Distribution

flask_blacklist-0.0.1-py3-none-any.whl (8.1 kB view hashes)

Uploaded Python 3

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page