Comments (6)
We do not yet have an implementation of JWTManager for python, you are correct. You could translate the JWTManager javascript code into python, which would be one option. We welcome pull requests :) .
from fusionauth-python-client.
The original question seems to be specifically how to revoke an access token (not a refresh token). Although the original question states that the desired behavior can apparently be achieved via the JWTManager, I am unable to find how the JWTManager exposes functionality for revoking or invalidating an access token.
How does one go about revoking an access token? Either with the JWTManager ... or regardless of the client, what would be the correct API call to do this?
from fusionauth-python-client.
You can't explicitly revoke an access token in FusionAuth. We don't support RFC 7009: https://www.rfc-editor.org/rfc/rfc7009.html and based on the number of upvotes for this, I don't know if the community wants us to: FusionAuth/fusionauth-issues#201
So, if you want to have an access token become invalid, you have to manage it yourself. That is what is outlined in the articles @tanwirahmad mentions. The process is basically:
- set up webhooks to fire to all the resource servers when a refresh token is invalidated (when the user logs out)
- listen for that event, and when it occurs, record the user with the invalid token in the resource server (in redis, db, etc)
- next time an access token is presented, verify that it is not for a user who has logged out
If you want to handle the case where a user logs out, then logs back in quickly, then the time-based logic in the Webhooks section here: https://fusionauth.io/learn/expert-advice/tokens/revoking-jwts needs to be implemented.
Hope this helps.
from fusionauth-python-client.
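The three steps listed in the comment above, sketched for a resource server as an added example (not part of the original thread and not FusionAuth's own code). The event type string, the `event`/`userId` payload fields, and the `RevocationStore` class are assumptions for illustration; the in-memory dict stands in for redis or a database, and JWT signature verification is assumed to have happened already.

```python
import time

# Assumed event type and field names for the logout webhook; confirm them
# against the payload your FusionAuth instance actually sends.
REVOKE_EVENT = "jwt.refresh-token.revoke"


class RevocationStore:
    """In-memory stand-in for redis/db: user id -> (revoked_at, forget_after)."""

    def __init__(self, access_token_ttl, clock=time.time):
        self.ttl = access_token_ttl   # access token lifetime in seconds
        self.clock = clock            # injectable so the logic can be tested
        self._revoked = {}

    def handle_webhook(self, payload):
        """Record the user when a refresh token is invalidated (logout).

        Authenticate the webhook request before calling this.
        """
        event = payload.get("event", {})
        if event.get("type") != REVOKE_EVENT or not event.get("userId"):
            return False
        now = self.clock()
        # Every token issued before `now` has expired by now + ttl,
        # so the entry only needs to live that long.
        self._revoked[event["userId"]] = (now, now + self.ttl)
        return True

    def is_token_allowed(self, claims):
        """Check claims taken from a JWT whose signature is already verified."""
        now = self.clock()
        if claims.get("exp", 0) <= now:
            return False
        entry = self._revoked.get(claims.get("sub"))
        if entry is None:
            return True
        revoked_at, forget_after = entry
        if now >= forget_after:
            del self._revoked[claims["sub"]]
            return True
        # Time-based check: a token issued after the logout (the user logged
        # back in) is accepted. A same-second re-login fails closed.
        return claims.get("iat", 0) > revoked_at


if __name__ == "__main__":
    store = RevocationStore(access_token_ttl=300)
    # Constructed sample event and claims, not captured from a real system.
    store.handle_webhook({"event": {"type": REVOKE_EVENT, "userId": "u1"}})
    issued = int(time.time()) - 60
    print(store.is_token_allowed({"sub": "u1", "iat": issued, "exp": issued + 300}))
```
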
This is very helpful. Thank you for the quick response. While I was poking around at this, I also ran across this discussion which seems relevant and illuminating: FusionAuth/fusionauth-issues#25
Particularly, the whole thing JWTs are meant to be portable and are not persisted server-side switched on a lightbulb for me. But it also raises the question of whether they should be used in a standard application session-oriented auth workflow, as seems to be implied, e.g. in the example Flask client here. While the example does not explicitly keep track of user sessions, it would be the natural next step (and the one I am trying to solve now).
So I sort of think maybe using the JWT API for this is not the right approach? But then is there another mechanism provided by the FusionAuth API? As far as I can tell, this is just how FusionAuth works by virtue of the fact of using JWTs as OAuth tokens.
from fusionauth-python-client.
@scott2b I suggest you take a look at these login flows. They walk through all kinds of options: https://fusionauth.io/learn/expert-advice/authentication/login-authentication-workflows
You can also post in our community forum, slack or open a support ticket (if you have support). All of these will get you a better response than posting on a client library issue (your current experience notwithstanding :) ).
from fusionauth-python-client.
Thank you for this link. I appreciate the detail spelled out here.
from fusionauth-python-client.