Skip to main content

Token blacklist flask extension

Project description



It's a Flask extension designed to work with flask_sqlalchemy and flask_pratorian to blacklist tokens!

It stores blacklisted JWT's jti value in an in-memory store, allowing blacklist checks without database calls. However, when a token is blacklisted, it is also persisted to the database.


  • Emulate a redis store without actually using redis! 👍
    • This is almost certainly slower than redis (It's python, after all).
  • Why not, it's an excuse to get to know flask and associated libraries a little bit better. 👍


You are using a virtualenv, right?

pip install flask-blacklist

Then in your app factory function, initialize Blacklist after you've initialized your ORM.

# In global scope
from flask_blacklist import Blacklist, is_blacklisted
db = SQLAlchemy()
guard = Praetorian()
bl = Blacklist()

# In the app factory function
app = Flask(__name__)

from app.models import Token, User
bl.init_app(app, Token) # Initialize after your ORM

# is_blacklisted is a helper function that Praetorian uses to determine if a token has been blacklisted
guard.init_app(app, User, is_blacklisted)  

The Token database model needs to have two different class methods:

  • Token.blacklist_jti
    • Takes a single parameter, which is the jti string extracted from a JWT
    • This method calll persist the blacklisted jti string to your database.
  • Token.get_blacklisted
    • Should return a list of already blacklisted tokens from the database
    • The tokens returns should have a jti attribute containing string extracted from the token you want to blacklist

Then, in the route that needs to invalidate the token:

@auth_blueprint.route("/v1/auth/token", methods=["DELETE"])
def invalidate_token():
    token = guard.read_token_from_header()
    jti = guard.extract_jwt_token(token)["jti"]
    rv, code = {"success": True, "message": "token invalidated"}, 200
    return jsonify(rv), code

Copyright 2019 Alexander Potts, MIT license.

Project details

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

flask_blacklist-0.0.1.tar.gz (4.1 kB view hashes)

Uploaded Source

Built Distribution

flask_blacklist-0.0.1-py3-none-any.whl (8.1 kB view hashes)

Uploaded Python 3

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page