Comments (6)
I was thinking about that myself, as it would also have the benefit of allowing you to properly mutex your keys and address #25, and generally giving you more control over the blacklist.
It would be a pretty big breaking change so I want to give it a bit more thought, but my initial thoughts are that it seems reasonable to me. I'll need to find time to work on it though, unless you want to submit a PR.
from flask-jwt-extended.
OK, I will think about that but I don't have much time available these days either. For my case I finally used a workaround creating a custom implementation of simplekv.
I have not yet tried to improve the performance of the function get_stored_tokens but if necessary I can use my workaround to duplicate the identity to an other field and do my own get_stored_tokens why nice performances.
However it is a very dirty solution, I may submit a PR so that we can do it properly if I find some time to do it.
from flask-jwt-extended.
No worries. If you do end up finding time time and want to hack at it I would happily accept a PR, but assuming you don't I'll try to find some time in the next few weeks to properly work through this and see if I can get something ready.
If you don't mind, I'll hit you up when I have the basics in place to make sure it would address your use case.
Cheers.
from flask-jwt-extended.
I started working on this in on the blacklist_v2 branch. It still has more work to go, but basically what I'm thinking is the user has to define a function that says if a token is revoked or not (if blacklist is enabled), that we check in the @jwt_required
calls. The user is responsible for inserting tokens into their blacklist of choice, however they so choose.
I think this will give everyone enough flexibility to basically do whatever they want. Does this sound good to you?
from flask-jwt-extended.
Yes of course, with :)
from flask-jwt-extended.
Version 3.0.0 was just released, which provides support for this.
Check out these for details, and let me know if you run into any issues
- http://flask-jwt-extended.readthedocs.io/en/latest/blacklist_and_token_revoking.html
- https://github.com/vimalloc/flask-jwt-extended/releases/tag/3.0.0
from flask-jwt-extended.
Related Issues (20)
- No 401 on failure HOT 1
- 'JWT_HEADER_TYPE' is being set to "" but not reflecting. I mean I still have to pass 'Bearer <token>'
- Signature verification failed with just generated tokens HOT 1
- Unable to catch errors using flask @app.errorhandler HOT 2
- Implicit refresh with cookies: timeout does not remove JWT/CSRF cookies – was this expected? HOT 1
- How does the CSRF functionality work? HOT 2
- Decoding CSRF Token from cookies does not work HOT 1
- flask-jwt-extended, refresh token HOT 3
- RS512 not supported HOT 2
- Is option JWT_REFRESH_TOKEN_EXPIRES working? HOT 3
- ImportError: cannot import name 'DecodeError' from 'jwt' (/usr/local/lib/python3.10/dist-packages/jwt/__init__.py) HOT 1
- Documentation examples for double submit removed from latest documentation. HOT 5
- Minimum cryptography version is vulnerable to CVE HOT 1
- Multiple JWT_HEADER_TYPE options HOT 1
- DeprecationWarning: The '__version__' attribute is deprecated and will be removed in Flask 3.1 HOT 1
- Changing Default Behaviors in another file doesnt work with flask-restful HOT 1
- Collections Module Issue
- Flask-JWT-Extended always assuming token is a refresh token HOT 2
- Setting 'kid' claim as part of encode_key_loader HOT 1
- Flask v3 Error Registering Blueprints with Routes Using @jwt_required HOT 3
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from flask-jwt-extended.