
Comments (6)

vimalloc commented on July 24, 2024

It seems to work for me. Did you make any changes which would cause flask reloader to kick in after generating your access/refresh tokens? In that example app, the blacklist is enabled, but we are storing the token data in memory, so if the flask app restarts, your token is still valid, but it cannot find it in the blacklist store (this is why redis/memcached/sqlalchemy should be used in prod).

curl -H "Content-Type: application/json" -X POST -d '{"username":"test1","password":"abc123"}' http://localhost:5000/auth/login
{
  "access_token": "eyJhbGciOiJIUzUxMiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE0NzQzMTA0MjksImZyZXNoIjp0cnVlLCJpYXQiOjE0NzQzMDY4MjksImp0aSI6IjNiNzgzOGI4LTg3MWEtNGRiMi1iOWI1LTkyOTVhZTJlZTAwMiIsImlkZW50aXR5IjoidGVzdDEiLCJ0eXBlIjoiYWNjZXNzIiwidXNlcl9jbGFpbXMiOnsidHlwZSI6InRlY2huaWNpYW4iLCJpcCI6IjEyNy4wLjAuMSJ9LCJuYmYiOjE0NzQzMDY4Mjl9.KKyMvgei_1d60q6Dw_r-fT0co004M5PxrZuhmbfre5VQKjqghnMvf7kTECyHQQHh8uV7O5AURo1ImJWmHS1oqw", 
  "refresh_token": "eyJhbGciOiJIUzUxMiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE0NzQ5MTE2MjksImlhdCI6MTQ3NDMwNjgyOSwianRpIjoiZTJjM2Q4ODAtMDIxYy00NDE5LTg4OWItNGM1ZjY2ODljMjU2IiwiaWRlbnRpdHkiOiJ0ZXN0MSIsInR5cGUiOiJyZWZyZXNoIiwibmJmIjoxNDc0MzA2ODI5fQ.5KWz0IR28Z__bVnQZ6WhD1BQoSBYUPDaSfgsvky3eURZDkLqbdRRaTMUOer5p2LIRb-2bI7NSXzvn7R83WkZPw"
}

export ACCESS="eyJhbGciOiJIUzUxMiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE0NzQzMTA0MjksImZyZXNoIjp0cnVlLCJpYXQiOjE0NzQzMDY4MjksImp0aSI6IjNiNzgzOGI4LTg3MWEtNGRiMi1iOWI1LTkyOTVhZTJlZTAwMiIsImlkZW50aXR5IjoidGVzdDEiLCJ0eXBlIjoiYWNjZXNzIiwidXNlcl9jbGFpbXMiOnsidHlwZSI6InRlY2huaWNpYW4iLCJpcCI6IjEyNy4wLjAuMSJ9LCJuYmYiOjE0NzQzMDY4Mjl9.KKyMvgei_1d60q6Dw_r-fT0co004M5PxrZuhmbfre5VQKjqghnMvf7kTECyHQQHh8uV7O5AURo1ImJWmHS1oqw" 
export REFRESH="eyJhbGciOiJIUzUxMiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE0NzQ5MTE2MjksImlhdCI6MTQ3NDMwNjgyOSwianRpIjoiZTJjM2Q4ODAtMDIxYy00NDE5LTg4OWItNGM1ZjY2ODljMjU2IiwiaWRlbnRpdHkiOiJ0ZXN0MSIsInR5cGUiOiJyZWZyZXNoIiwibmJmIjoxNDc0MzA2ODI5fQ.5KWz0IR28Z__bVnQZ6WhD1BQoSBYUPDaSfgsvky3eURZDkLqbdRRaTMUOer5p2LIRb-2bI7NSXzvn7R83WkZPw"

curl -H "Authorization: Bearer $REFRESH" -X POST http://localhost:5000/auth/refresh 
{
  "access_token": "eyJhbGciOiJIUzUxMiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE0NzQzMTA0NTcsImZyZXNoIjpmYWxzZSwiaWF0IjoxNDc0MzA2ODU3LCJqdGkiOiIzMjZiYjkwOC02NmFjLTRiYTUtODJlZC04Y2RiNzNmMjZkZmIiLCJpZGVudGl0eSI6InRlc3QxIiwidHlwZSI6ImFjY2VzcyIsInVzZXJfY2xhaW1zIjp7InR5cGUiOiJ0ZWNobmljaWFuIiwiaXAiOiIxMjcuMC4wLjEifSwibmJmIjoxNDc0MzA2ODU3fQ.8jglk7h_9JEWmengK1WYJ7L1d5XbGla1e9K4kSkUHpRnW7HCLUwuka_TiKyRYtUmQbLYbAWK_sbGwF-n9iaSiQ"
}

from flask-jwt-extended.

vimalloc commented on July 24, 2024

Oh, you mean if no token was supplied to the call. Yeah, that is the default handler for that error case. You can change it with the invalid_token_loader decorator. See this file https://github.com/vimalloc/flask-jwt-extended/blob/master/flask_jwt_extended/jwt_manager.py


vimalloc commented on July 24, 2024

That said, I think that can be done better. I'll look at it more today.


vimalloc commented on July 24, 2024

Actually, now that I'm actually sitting down and looking at it, I am unable to duplicate it. Can you verify it wasn't a flask refresh thing?


rlam3 commented on July 24, 2024

I'm using PAW and the terminal and am still able to reproduce it. I'm not sure what flask refresh thing you are referring to.

MYUSERNAME$ curl -H "Content-Type: application/json" -X POST -d '{"username":"test1","password":"abc123"}' http://localhost:5001/auth/login
{
  "access_token": "eyJhbGciOiJIUzUxMiIsInR5cCI6IkpXVCJ9.eyJ1c2VyX2NsYWltcyI6eyJpcCI6IjEyNy4wLjAuMSIsInR5cGUiOiJyZXN0cmljdGVkIn0sImp0aSI6IjAyOTNmYWE2LTRjMjYtNGJhMS1hNmRjLWUzMDYzNDExNzg2YiIsImV4cCI6MTQ3NDMxOTA0MiwiZnJlc2giOnRydWUsImlhdCI6MTQ3NDMxNTQ0MiwidHlwZSI6ImFjY2VzcyIsIm5iZiI6MTQ3NDMxNTQ0MiwiaWRlbnRpdHkiOiJ0ZXN0MSJ9.LbIzIr9DA4XeRoinDOzp9tmM4R8yHR6ZgLwe3_wqZGueJD5fwoYZO4bTu-MqR0wysU2gW43ULrowYlKBMy0_GA", 
  "refresh_token": "eyJhbGciOiJIUzUxMiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiI2ODhlMzVlYS1iZGFkLTQ0MzYtODQzMi1jMmQ2MjUzMTQzNzEiLCJleHAiOjE0NzQ5MjAyNDIsImlhdCI6MTQ3NDMxNTQ0MiwidHlwZSI6InJlZnJlc2giLCJuYmYiOjE0NzQzMTU0NDIsImlkZW50aXR5IjoidGVzdDEifQ.wDSO6snzoDDKLwlpAktT2Ylh6EHzN0FRNMOkLPjGiDOStSCXkjuIS5wedA3y0KMqzSpv9OvbncyoKLb3cip7uQ"
}
MYUSERNAME$ export ACCESS="eyJhbGciOiJIUzUxMiIsInR5cCI6IkpXVCJ9.eyJ1c2VyX2NsYWltcyI6eyJpcCI6IjEyNy4wLjAuMSIsInR5cGUiOiJyZXN0cmljdGVkIn0sImp0aSI6IjAyOTNmYWE2LTRjMjYtNGJhMS1hNmRjLWUzMDYzNDExNzg2YiIsImV4cCI6MTQ3NDMxOTA0MiwiZnJlc2giOnRydWUsImlhdCI6MTQ3NDMxNTQ0MiwidHlwZSI6ImFjY2VzcyIsIm5iZiI6MTQ3NDMxNTQ0MiwiaWRlbnRpdHkiOiJ0ZXN0MSJ9.LbIzIr9DA4XeRoinDOzp9tmM4R8yHR6ZgLwe3_wqZGueJD5fwoYZO4bTu-MqR0wysU2gW43ULrowYlKBMy0_GA"
MYUSERNAME$ export REFRESH="eyJhbGciOiJIUzUxMiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiI2ODhlMzVlYS1iZGFkLTQ0MzYtODQzMi1jMmQ2MjUzMTQzNzEiLCJleHAiOjE0NzQ5MjAyNDIsImlhdCI6MTQ3NDMxNTQ0MiwidHlwZSI6InJlZnJlc2giLCJuYmYiOjE0NzQzMTU0NDIsImlkZW50aXR5IjoidGVzdDEifQ.wDSO6snzoDDKLwlpAktT2Ylh6EHzN0FRNMOkLPjGiDOStSCXkjuIS5wedA3y0KMqzSpv9OvbncyoKLb3cip7uQ"
MYUSERNAME$ curl -H "Authorization: Bearer $REFRESH" -X POST http://localhost:5001/auth/refresh
{
  "msg": "Missing or invalid claim: jti"
}


vimalloc commented on July 24, 2024

Ok, got it. I'm currently using python3, and it looks like that breaks in python2. It is the isinstance check here:

    if 'jti' not in data or not isinstance(data['jti'], str):
        raise JWTDecodeError("Missing or invalid claim: jti")

Let me get the unittests done for this, and I'll go through and make sure it's compatible for both python2 and python3.

Thanks!

from flask-jwt-extended.
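
The Python 2/3 difference behind the `isinstance` check quoted in the last comment, as an added example that is not part of the thread or of flask-jwt-extended's code. `TEXT_TYPES`, `b64url_json`, `check_jti`, `make_segment` and the sample payload are assumptions made for illustration, Python 2's `str` is modelled by passing `bytes`, and no signature verification is performed.

```python
import base64
import json
import sys

# Text types a JSON-decoded string claim can have on this interpreter.
# Python 2: json.loads() returns `unicode` while `str` is the byte-string
# type, so isinstance(jti, str) is False. Python 3: `str` is the text type.
if sys.version_info[0] >= 3:
    TEXT_TYPES = (str,)
else:
    TEXT_TYPES = (basestring,)  # noqa: F821 (name exists on Python 2 only)


class JWTDecodeError(Exception):
    """Stand-in for the exception raised in the quoted snippet."""


def make_segment(claims):
    """Encode a claims dict as an unpadded base64url JWT segment."""
    raw = json.dumps(claims).encode("utf-8")
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def b64url_json(segment):
    """Decode one base64url JWT segment (padding restored) into a dict."""
    padded = segment + "=" * (-len(segment) % 4)
    return json.loads(base64.urlsafe_b64decode(padded.encode("ascii")).decode("utf-8"))


def check_jti(data, accepted=TEXT_TYPES):
    """Reject a payload whose jti is absent or not an accepted string type."""
    if "jti" not in data or not isinstance(data["jti"], accepted):
        raise JWTDecodeError("Missing or invalid claim: jti")
    return data["jti"]


def py2_str_check_rejects(segment):
    """Model Python 2, where `str` means bytes: the quoted check fails."""
    try:
        check_jti(b64url_json(segment), accepted=bytes)
    except JWTDecodeError:
        return True
    return False


# Constructed sample payload (placeholder jti, not a token from the thread).
SAMPLE = make_segment({"jti": "00000000-0000-4000-8000-000000000000",
                       "type": "refresh", "identity": "test1"})
```

The portable check still rejects a missing or non-string `jti`; it only widens the accepted type to whatever the JSON decoder returns for text on the running interpreter.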
