Comments (6)
Yes, you are absolutely right, I'll rename it.
from flask-httpauth.
References remain e.g.
Flask-HTTPAuth/examples/multi_auth.py
Line 13 in bd6fcf3
Flask-HTTPAuth/examples/token_auth.py
Line 11 in bd6fcf3
Line 165 in bd6fcf3
Line 170 in bd6fcf3
from flask-httpauth.
Does that mean that, if we were to use
```python
# Methods of the user model class. The module needs `import jwt` (PyJWT),
# `from datetime import datetime, timedelta` and `from flask import current_app`.
def generate_token(self, user_id):
    """
    Generates the Auth Token
    :return: string
    """
    try:
        # set up a payload with an expiration time
        payload = {
            'exp': datetime.utcnow() + timedelta(minutes=5),
            'iat': datetime.utcnow(),
            'sub': user_id
        }
        # create the byte string token using the payload and the SECRET key
        secret = current_app.config.get('SECRET_KEY')
        jwt_string = jwt.encode(
            payload,
            secret,
            algorithm='HS256'
        )
        return jwt_string
    except Exception as e:
        # return an error in string format if an exception occurs
        return str(e)

@staticmethod
def decode_token(token):
    """
    Validates the auth token.
    Decodes the access token from the Authorization header.
    :param token:
    :return: integer|string
    """
    try:
        # try to decode the token using our SECRET variable
        secret = current_app.config.get('SECRET_KEY')
        # is_blacklisted_token = BlacklistToken.check_blacklist(token)
        # pin the accepted algorithm to the one used in generate_token;
        # PyJWT 2.x refuses to decode without an explicit `algorithms` list
        payload = jwt.decode(token, secret, algorithms=['HS256'])
        return payload['sub']
    except jwt.ExpiredSignatureError:
        # the token is expired, return an error string
        return "Expired token. Please login to get a new token"
    except jwt.InvalidTokenError:
        # the token is invalid, return an error string
        return "Invalid token. Please register or login"
```
instead of the JWS Serializer, the reference to JWT would be correct? Is this all that is necessary to correctly utilize JWT tokens?
from flask-httpauth.
@mistery If I correctly understand your code, you utilize pyjwt (though no import statement in your code). If you use pyjwt it's easy to use JWT tokens.
@miguelgrinberg's code just uses itsdangerous, so no extra external dependency needed.
In terms of token usage, when you pass such a token back and forth in your app, it should not matter if you use JWS or JWT.
from flask-httpauth.
@unuseless, that's correct. There's an `import jwt` statement at the top (ref: here).
Thanks for the clarifications.
I was mostly concerned about using some standard way of handling tokens as the clients will, most likely, be JavaScript from a Progressive Web Application or perhaps other mobile apps. I have not made a final decision. Too many options available but none of them fits my goals of being cross-platform and easy to maintain.
from flask-httpauth.
Addressed by #79. Closing.
from flask-httpauth.