version 4.0.1 (still) doesn't accept tokens created with version 3.4.5
See original GitHub issueThis is related to #461 that I thought I solved with pull request #463
I tried flask security 4.0.1 today, sending to it api tokens created with version 3.4.5, and endpoints decorated with
@flask_security.auth_token_required
failed to authenticate, returning
{
"meta": {
"code": 401
},
"response": {
"error": "You are not authenticated. Please supply the correct credentials."
}
}
In issue #461 I was advised to modify UserMixin.verify_auth_token to handle both old and new token formats. Putting some debugging statements into flask security, I noticed that while for successful calls using tokens made with 4.0.1 UserMixin.verify_auth_token gets called, with old tokens UserMixin.verify_auth_token doesn’t seem to get invoked.
Any chance there is some function earlier in the stack that also needs to be modified?
Issue Analytics
- State:
- Created 2 years ago
- Comments:7 (7 by maintainers)
Top Results From Across the Web
Bugzilla 4.0.1 Release Notes
Bugzilla now supports making WebService calls from another domain, inside of a web browser, thanks to support for JSONP. This will allow for...
Read more >Emulator release notes - Android Developers
This update includes Android 11 (API level 30) system images and improved performance when running ARM binaries. Android 11 system images. You can...
Read more >Ops Manager Server Changelog - MongoDB
Supports MongoDB 6.0 as a deployment option, but doesn't display MongoDB ... This release adds a wizard-like interface to generate configuration files in ......
Read more >Bug listing with status RESOLVED with resolution OBSOLETE ...
... doesn't like xerces-2.8" status:RESOLVED resolution:OBSOLETE severity:normal ... Bug:167319 - "Version bump: dev-java/hibernate-3.2.2" status:RESOLVED ...
Read more >python-flask-security(1) - Arch manual pages
New in version 4.0.0. SECURITY_TOKEN_AUTHENTICATION_KEY: Specifies the query string parameter to read when using token authentication. Default: auth_token.
Read more >Top Related Medium Post
No results found
Top Related StackOverflow Question
No results found
Troubleshoot Live Code
Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start FreeTop Related Reddit Thread
No results found
Top Related Hackernoon Post
No results found
Top Related Tweet
No results found
Top Related Dev.to Post
No results found
Top Related Hashnode Post
No results found
Top GitHub Comments
Thanks - that would be great - conftest.py sets up an endpoint for testing @auth_token_required - look at test_common::test_token_auth_via_header_valid_token
instead of just getting the auth_token from logging in - use the same code you did before to create a 3.4.5 compatible token.
Ah, silly me, I assumed that if I installed flask-security with setup.py, then tests would be run against system-wide flask-security, instead of code in working directory, but after some quick checks I see I was wrong. My bad!