Project description

Flask JWT Persistency

This extension was developed to add additional features to JWT like revoke a single token or all tokens issued to a specific user. These features are implemented by persisting the tokens in a database, so JWT looses its stateless property.

Installing

Install and update using pip:

$ pip install flask-jwt-persistency

Full working example (also available at examples folder)

from flask import Flask, request, jsonify
from flask_sqlalchemy import SQLAlchemy
from flask_jwt_extended import JWTManager, create_access_token, jwt_required, get_jti, get_jwt, get_jwt_identity

from flask_jwt_persistency import JWTPersistency

app = Flask(__name__)
app.config["JWT_SECRET_KEY"] = "super-secret"  # Change this!
app.config["JWTP_DATABASE_URL"] = "sqlite:///jwtptokens.db"  # DB to store the tokens
db = SQLAlchemy(app)
jwt = JWTManager(app)
jwtp = JWTPersistency(app, jwt, db)


@app.route("/auth/login", methods=["POST"])
def login():
    username = request.json.get("username", None)
    password = request.json.get("password", None)
    if username != "test" or password != "test":
        return jsonify({"msg": "Bad username or password"}), 401

    access_token = create_access_token(identity=username)
    jti = get_jti(encoded_token=access_token)

    # Persist the jti in the database
    jwtp.new_token(jti, username)

    return jsonify(access_token=access_token)


# Access a protected route
@app.route("/protected", methods=["GET"])
@jwt_required()
def protected():
    return jsonify({"msg": "You got access to the protected route"})


# Revoke token used in the request
@app.route("/auth/logout", methods=["DELETE"])
@jwt_required()
def logout():
    """Revoke access token"""
    jti = get_jwt()['jti']
    jwtp.revoke_token(jti)


# Revoke all tokens that have been issued to the user that is making the request
@app.route("/auth/logout-from-all-devices", methods=["DELETE"])
@jwt_required()
def logout_from_all_devices():
    """Revoke all tokens"""
    username = get_jwt_identity()
    jwtp.revoke_all_tokens(username)


if __name__ == "__main__":
    app.run(debug=True)

Project details

These details have not been verified by PyPI

Project links

GitHub Statistics

View statistics for this project via Libraries.io, or by using our public dataset on Google BigQuery

Release history Release notifications | RSS feed

This version

0.0.3

Aug 20, 2021

0.0.2

Aug 20, 2021

0.0.1

Aug 19, 2021

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

flask-jwt-persistency-0.0.3.tar.gz (4.3 kB view hashes)

Uploaded Aug 20, 2021 Source

Built Distribution

flask_jwt_persistency-0.0.3-py3-none-any.whl (4.5 kB view hashes)

Uploaded Aug 20, 2021 Python 3

Hashes for flask-jwt-persistency-0.0.3.tar.gz

Hashes for flask-jwt-persistency-0.0.3.tar.gz
Algorithm	Hash digest
SHA256	`3e00ea3927b564dc6c9bf6b60d72f0b9f1078e6abdf369316f50fb2d04b4b8c9`
MD5	`f70ddb8861e405b053f5f695cf991872`
BLAKE2b-256	`a8c0bf88ddb5312d4319ee9089c10a5d94521ae1f1c14fb82c731220945ed7d7`

Hashes for flask_jwt_persistency-0.0.3-py3-none-any.whl

Hashes for flask_jwt_persistency-0.0.3-py3-none-any.whl
Algorithm	Hash digest
SHA256	`a153100e398ec47b7f47d7b878acc23a20fce1cf23529a120f945ee10e533d89`
MD5	`0dc14a968cad2bcf389970169f04f7fd`
BLAKE2b-256	`d069cd162ba56783cd6efae19116c5f391536d0a0a5a9446f824444d92118be8`