Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.
And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.
Revoke current token
See original GitHub issueI am implementing an API in flask using your lovely library for a jwt-based authentication. I would like to offer the authenticated client the option to revoke its own token (“logout”). How would I implement this? I am using redis for the blacklist backend. As far as I can tell, the only way to revoke a token is by its jti. However, the library only stores the identity and the user claims on the app context.
Would it make sense to store the full jwt on the app context and have the get_jwt_identity and get_jwt_claims functions just return the appropriate fields? This would allow for another function that returns the jti.
Issue Analytics
- State:
- Created 7 years ago
- Comments:6 (6 by maintainers)
Top Results From Across the Web
Top Related Medium Post
Top Related StackOverflow Question
Troubleshoot Live Code
Top Related Reddit Thread
Top Related Hackernoon Post
Top Related Tweet
Top Related Dev.to Post
Top Related Hashnode Post
That seems perfectly reasonable to me. We can add a new
get_raw_jwtor something along those lines. We could take it a step farther and also add aget_jwt_jtimethod as well, if that would make things simpler.I’ll see about getting a new released pushed which addresses this later today.
Thanks for the feedback! 👍
Thanks 😃
That is released as version 1.1.0. It should be available on pypi shortly. I’m going to go ahead and close this issue, but if any problems come up, please go ahead and re-open it.
Cheers!