Comments (5)
Sounds reasonable to me. It may take a little bit, but I'll see about getting this implemented soon.
Cheers 👍
from flask-jwt-extended.
For the first one having pyjwt pull this request would be ideal: jpadilla/pyjwt#280
from flask-jwt-extended.
Indeed 👍 . I'll wait on that for a bit to see if any progress is made on that being merged.
from flask-jwt-extended.
I added a generalized callback method that will allow you to verify the custom claims in the access tokens. This will allow you to check if the keys exists, as well as do additional verification as desired.
This adds two new callback loader methods to verify user_claims and change the return value if the user_claims verification fails
# Old function, unchanged
@jwt.user_claims_loader
def add_custom_claims(identity):
return {
'foo': 'bar',
'baz': 'boom'
}
# New function, verify the user claims in an access token
@jwt.claims_verification_loader
def verify_user_claims(user_claims):
expected_keys = ['foo', 'baz']
for key in expected_keys:
if key not in user_claims:
return False
return True
# New function, change the return value if user claims verification failed.
# You don't have to implement this one, this is just so you can change the
# return value if you don't like the default implementation.
@jwt.claims_verification_failed_loader
def failed_user_claim_verification_error():
return jsonify({'msg': 'Access token is missing key 'foo' or 'baz'}), 404
I'll get a new version with this pushed out to pip soon.
Cheers
from flask-jwt-extended.
Released as version 3.2.0
from flask-jwt-extended.
Related Issues (20)
- Typing issue HOT 1
- TypeError: check_if_token_in_blacklist() takes 1 positional argument but 2 were given HOT 1
- No 401 on failure HOT 1
- 'JWT_HEADER_TYPE' is being set to "" but not reflecting. I mean I still have to pass 'Bearer <token>'
- Signature verification failed with just generated tokens HOT 1
- Unable to catch errors using flask @app.errorhandler HOT 2
- Implicit refresh with cookies: timeout does not remove JWT/CSRF cookies – was this expected? HOT 1
- How does the CSRF functionality work? HOT 2
- Decoding CSRF Token from cookies does not work HOT 1
- flask-jwt-extended, refresh token HOT 3
- RS512 not supported HOT 2
- Is option JWT_REFRESH_TOKEN_EXPIRES working? HOT 3
- ImportError: cannot import name 'DecodeError' from 'jwt' (/usr/local/lib/python3.10/dist-packages/jwt/__init__.py) HOT 1
- Documentation examples for double submit removed from latest documentation. HOT 5
- Minimum cryptography version is vulnerable to CVE HOT 1
- Multiple JWT_HEADER_TYPE options HOT 1
- DeprecationWarning: The '__version__' attribute is deprecated and will be removed in Flask 3.1 HOT 1
- Changing Default Behaviors in another file doesnt work with flask-restful HOT 1
- Collections Module Issue
- Flask-JWT-Extended always assuming token is a refresh token HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from flask-jwt-extended.