Refresh token with complex object
Hello everyone,
What I am trying to do is refresh a token with a complex object. My code is as follows:
```python
from flask import Blueprint, jsonify, request
from flask_jwt_extended import jwt_required, create_access_token, \
    jwt_refresh_token_required, create_refresh_token, \
    get_jwt_identity, get_jwt_claims
from utility import to_dict
from my_app.auth.models import User
from my_app import app
from flask_jwt_extended import JWTManager

auth = Blueprint("auth", __name__)
jwt = JWTManager(app)


# This is an example of a complex object that we could build
# a JWT from. In practice, this will likely be something
# like a SQLAlchemy instance.
class UserObject:
    def __init__(self, username, roles):
        self.username = username
        self.roles = roles


# Create a function that will be called whenever create_access_token
# is used. It will take whatever object is passed into the
# create_access_token method, and lets us define what custom claims
# should be added to the access token.
@jwt.user_claims_loader
def add_claims_to_access_token(user):
    return {'roles': user.roles}


# Create a function that will be called whenever create_access_token
# is used. It will take whatever object is passed into the
# create_access_token method, and lets us define what the identity
# of the access token should be.
@jwt.user_identity_loader
def user_identity_lookup(user):
    return user.username


@auth.route('/login', methods=['POST'])
def login():
    data = to_dict(request.form, request.args, request.get_json())
    # .get() so that a missing field yields None instead of raising KeyError
    username = data.get('username')
    password = data.get('password')
    if (username is None) or (password is None):
        return jsonify({"msg": "Bad username or password"}), 401
    log_user = User(username, password)
    if not log_user.IsUser:
        return jsonify({"msg": "Bad username or password"}), 401
    if len(log_user.dashboard_groups) == 0:
        return jsonify({"msg": "Forbidden"}), 403
    user = UserObject(log_user.username, log_user.roles)
    ret = {
        'access_token': create_access_token(identity=user),
        'refresh_token': create_refresh_token(identity=user)
    }
    return jsonify(ret), 200


# The jwt_refresh_token_required decorator ensures a valid refresh
# token is present in the request before calling this endpoint. We
# can use the get_jwt_identity() function to get the identity of
# the refresh token, and use the create_access_token() function again
# to make a new access token for this identity.
@auth.route('/refresh', methods=['POST'])
@jwt_refresh_token_required
def refresh():
    # get_jwt_claims() is empty here: the refresh token carries no user claims
    user = UserObject(get_jwt_identity(), get_jwt_claims())
    ret = {
        'access_token': create_access_token(identity=user),
        'refresh_token': create_refresh_token(identity=user)
    }
    return jsonify(ret), 200


@auth.route('/protected', methods=['GET'])
@jwt_required
def protected():
    username = get_jwt_identity()
    roles = get_jwt_claims()
    print(roles)
    return jsonify(logged_in_as=username), 200
```
If I log in using my username and password, the login function works just fine: I get my refresh token and access token. Then if I hit the protected endpoint, it works fine and prints all the roles that I have stored.
However, if I hit the refresh endpoint and then hit the protected endpoint, I don't see any roles printed. I believe that when I connect to the refresh endpoint, I lose all role-related data. When I print(get_jwt_claims()), it doesn't print anything in the refresh endpoint.
If I am not wrong, when I hit the refresh endpoint it is looking for roles based upon the refresh token, which is null, and that is creating the issue.
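The claims loss described above, worked through as an added example (not code from the issue or from Flask-JWT-Extended): a standard-library stand-in for HS256 JWTs that mirrors the pre-3.10.0 behaviour, where only the access token carries user_claims, beside a refresh handler that rebuilds roles from the user store instead of copying them from the refresh token. SECRET, USER_ROLES and the function names are constructed for the demo; token expiry is omitted.

```python
import base64, hashlib, hmac, json

SECRET = b"constructed-demo-secret"  # constructed for the demo; load from config in real code
# Constructed stand-in for the user store (the issue's User model and its roles)
USER_ROLES = {"alice": ["admin", "viewer"]}


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def encode_jwt(payload: dict) -> str:
    # Minimal HS256 JWT: header.payload.signature, base64url without padding
    header = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64(json.dumps(payload).encode())
    sig = hmac.new(SECRET, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{_b64(sig)}"


def decode_jwt(token: str, expected_type: str) -> dict:
    # Verify the signature, then enforce the token type so an access token
    # cannot be presented at the refresh endpoint (or the other way round)
    header, body, sig = token.split(".")
    expected = hmac.new(SECRET, f"{header}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _unb64(sig)):
        raise ValueError("bad signature")
    payload = json.loads(_unb64(body))
    if payload.get("type") != expected_type:
        raise ValueError("wrong token type")
    return payload


def create_access_token(username: str, user_store: dict = USER_ROLES) -> str:
    # Claims are built from the store, as the page's user_claims_loader does
    claims = {"roles": user_store[username]}
    return encode_jwt({"identity": username, "type": "access", "user_claims": claims})


def create_refresh_token(username: str) -> str:
    # As in Flask-JWT-Extended before 3.10.0: identity only, no user_claims
    return encode_jwt({"identity": username, "type": "refresh"})


def claims_in_refresh_token(refresh_token: str) -> dict:
    # What get_jwt_claims() sees inside the issue's /refresh handler: nothing
    return decode_jwt(refresh_token, "refresh").get("user_claims", {})


def refresh_access_token(refresh_token: str, user_store: dict = USER_ROLES) -> str:
    # Re-derive roles from the store rather than copying them from the refresh
    # token, so a role revoked since login does not survive the refresh
    identity = decode_jwt(refresh_token, "refresh")["identity"]
    return create_access_token(identity, user_store)
```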
Issue Analytics
- State:
- Created 6 years ago
- Comments: 5 (3 by maintainers)
It sounds like this is a feature people want and would actually use. I'm in the middle of moving so it will likely be a couple weeks before I could get to this, but if someone else wanted to take a stab at it I would be happy to help out and get it merged. I'm thinking it should be an option so that we don't break backwards compatibility (app.config['JWT_CLAIM_IN_REFRESH_TOKEN'] = True or something along those lines).

Released in version 3.10.0. Thanks for the PR @roubaeli! 👍