Skip to main content

Token blacklist flask extension

Project description

🔥Flask_Blacklist🔥

What

It's a Flask extension designed to work with flask_sqlalchemy and flask_pratorian to blacklist tokens!

It stores blacklisted JWT's jti value in an in-memory store, allowing blacklist checks without database calls. However, when a token is blacklisted, it is also persisted to the database.

Why

  • Emulate a redis store without actually using redis! 👍
    • This is almost certainly slower than redis (It's python, after all).
  • Why not, it's an excuse to get to know flask and associated libraries a little bit better. 👍

How

You are using a virtualenv, right?

pip install flask-blacklist

Then in your app factory function, initialize Blacklist after you've initialized your ORM.

# In global scope
from flask_blacklist import Blacklist, is_blacklisted
db = SQLAlchemy()
guard = Praetorian()
bl = Blacklist()

# In the app factory function
app = Flask(__name__)
db.init_app(app)

from app.models import Token, User
bl.init_app(app, Token) # Initialize after your ORM

# is_blacklisted is a helper function that Praetorian uses to determine if a token has been blacklisted
guard.init_app(app, User, is_blacklisted)  

The Token database model needs to have two different class methods:

  • Token.blacklist_jti
    • Takes a single parameter, which is the jti string extracted from a JWT
    • This method calll persist the blacklisted jti string to your database.
  • Token.get_blacklisted
    • Should return a list of already blacklisted tokens from the database
    • The tokens returns should have a jti attribute containing string extracted from the token you want to blacklist

Then, in the route that needs to invalidate the token:

@auth_blueprint.route("/v1/auth/token", methods=["DELETE"])
@auth_required
def invalidate_token():
    token = guard.read_token_from_header()
    jti = guard.extract_jwt_token(token)["jti"]
    bl.blacklist_jti(jti)
    rv, code = {"success": True, "message": "token invalidated"}, 200
    return jsonify(rv), code

Copyright 2019 Alexander Potts, MIT license.

Project details


Release history Release notifications

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Files for flask-blacklist, version 0.0.1
Filename, size File type Python version Upload date Hashes
Filename, size flask_blacklist-0.0.1-py3-none-any.whl (8.1 kB) File type Wheel Python version py3 Upload date Hashes View hashes
Filename, size flask_blacklist-0.0.1.tar.gz (4.1 kB) File type Source Python version None Upload date Hashes View hashes

Supported by

Elastic Elastic Search Pingdom Pingdom Monitoring Google Google BigQuery Sentry Sentry Error logging AWS AWS Cloud computing DataDog DataDog Monitoring Fastly Fastly CDN DigiCert DigiCert EV certificate StatusPage StatusPage Status page