Lightrun
question-mark
Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Which decorator to add an authorization step before the request is processed ?

See original GitHub issue

Hello, this is more a question than an issue. I’ve added @jwt_required() on several routes

@routes.route('/devices', methods=['GET'])
@jwt_required()
def get_devices(args):
  ...

but I need to have a method that extracts, for each request, the user data from the JWT so it can verify if the user is authorized for the request. I though about adding a @jwt.user_lookup_loader in a @before_request method, something like the following:

@routes.before_request
@jwt.user_lookup_loader
def user_lookup_callback(_jwt_header, jwt_data):
    email = jwt_data["sub"]
    user = Database.find_one("accounts", {"username": email})
    return user

but this is not working as expected. I think I’m missing something here. Can a decorator be added to trigger some kind of authorization function before each @jwt_required() decorated routes ?

Issue Analytics

  • State:closed
  • Created 2 years ago
  • Comments:5 (2 by maintainers)

github_iconTop GitHub Comments

1reaction
vimalloccommented, Apr 12, 2021

You don’t need to add a @app.before_request, just having the @jwt.user_lookup_loader defined is all flask-jwt-extended needs to cause it to be called any time a valid JWT is present in the request. You can then access the user via the current_user proxy. Full docs around that can be found here: https://flask-jwt-extended.readthedocs.io/en/stable/automatic_user_loading.

If you are trying to do something like permission checks, you can do that in conjunction with the @jwt.user_lookup_loader / current_user via jwt_manager.verify_jwt_in_request in an app.before_request or in a custom decorator

0reactions
lucjcommented, Apr 13, 2021

I’m playing with custom decorators, exactly what I need. Thanks a lot

Read more comments on GitHub >

github_iconTop Results From Across the Web

Using authentication decorators in Flask - CircleCI
Now we can explore how to use decorators for authentication. Endpoints must be authenticated before they are allowed to make requests in an ......
Read more >
Using Python decorators to process and authorize requests
Here Python decorators came in very handy. They allow adding behavior and pre-processing to any function without modifying it:.
Read more >
Using Python decorators to process and authorize requests
Here I chained three decorators: two that we saw before and a new one: @load_user_or_fail loads the user model and passes it as...
Read more >
Middleware - FastAPI
You can add middleware to FastAPI applications. A "middleware" is a function that works with every request before it is processed by any...
Read more >
A practical guide to TypeScript decorators - LogRocket Blog
This type of decorator can be very useful for authentication and authorization purposes, such as checking whether a user is allowed to access ......
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Dev.to Post

No results found

github_iconTop Related Hashnode Post

No results found
Previous page

Invalid JWT errors not thrown for decorated optional routes

Next page

Strange behavior when call is made from ajax, other domain