From 285513798b04def05875c00825d0e2c3eee90c04 Mon Sep 17 00:00:00 2001
From: DiptoChakrabarty
Date: Sun, 4 Jul 2021 23:55:42 +0530
Subject: [PATCH 1/2] replace flask jwt with jwt extended
---
 project/views/views.py | 14 +++++++++-----
 requirements.txt | 2 +-
 2 files changed, 10 insertions(+), 6 deletions(-)
diff --git a/project/views/views.py b/project/views/views.py
index a20cd58..9b52859 100644
--- a/project/views/views.py
+++ b/project/views/views.py
@@ -2,8 +2,8 @@
 from __future__ import absolute_import, print_function, unicode_literals
 from flask import request, jsonify
-from flask_jwt import jwt_required, current_identity
-
+from flask_jwt_extended import (create_access_token,create_refresh_token,
+ get_jwt_identity,jwt_required)
 from project.views import views_bp
 from project.views.oauth import jwt, authenticate
@@ -42,9 +42,13 @@ def login():
 if not user:
 raise UserNotFoundException("User not found!")
- access_token = jwt.jwt_encode_callback(user)
+ access_token = create_access_token(identity=user.id)
+ refresh_token = create_refresh_token(user.id)
- resp = jsonify({"access_token": str(access_token, "utf-8")})
+ resp = jsonify({
+ "access_token": str(access_token, "utf-8"),
+ "refresh_token": str(refresh_token,"utf-8")
+ })
 resp.status_code = 200
 # add token to response headers - so SwaggerUI can use it
@@ -71,7 +75,7 @@ def protected():
 200:
 description: User successfully accessed the content.
 """
- resp = jsonify({"protected": "{}".format(current_identity)})
+ resp = jsonify({"protected": "{}".format(get_jwt_identity())})
 resp.status_code = 200
 return resp
diff --git a/requirements.txt b/requirements.txt
index ffe267a..e0c53b6 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -3,7 +3,7 @@ flasgger==0.8.1
 Flask==0.12.2
 Flask-Bcrypt==0.7.1
 Flask-Injector==0.10.1
-Flask-JWT==0.3.2
+Flask-JWT-Extended==3.24.1
 Flask-Login==0.4.1
 Flask-OpenTracing==0.1.8
 Flask-Script==2.0.6
From df9c12b45436dc0fa40b96014176f4ef2830fb34 Mon Sep 17 00:00:00 2001
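Review bot: The `str(access_token, "utf-8")` and `str(refresh_token,"utf-8")` wrappers in the login() hunk of PATCH 1/2 were written for the bytes that the old Flask-JWT encoder returned. As far as I know, `create_access_token` and `create_refresh_token` in Flask-JWT-Extended 3.x already return text, and `str(<str>, "utf-8")` raises TypeError on Python 3, so a successful login would end in a 500. Pass the tokens through unchanged: `"access_token": access_token,` and `"refresh_token": refresh_token`. The same wrapper is repeated in the new refresh_token() route in PATCH 2/2. login() starts and ends outside the hunk, so the code that builds the `jwt-token` header is not visible here and should be checked for the same assumption.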
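Review bot: The decorator on protected() sits above this hunk and is not touched by PATCH 1/2, but its calling convention changes with the library. Flask-JWT is applied as `@jwt_required()`, whereas Flask-JWT-Extended 3.x expects the bare `@jwt_required`. If the untouched line still carries the parentheses, the module will fail when it is imported, so confirm it and include the change in this commit. Separately, `get_jwt_identity()` returns the `user.id` that login() now puts in the token, while `current_identity` presumably resolved to a user object, so the text in the `"protected"` field changes. A short comment such as `# identity is the user id stored in the token at login` would make that explicit.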
From: DiptoChakrabarty
Date: Mon, 5 Jul 2021 00:01:52 +0530
Subject: [PATCH 2/2] route to refresh tokens of user
---
 project/views/views.py | 26 +++++++++++++++++++++++---
 1 file changed, 23 insertions(+), 3 deletions(-)
diff --git a/project/views/views.py b/project/views/views.py
index 9b52859..280c5d6 100644
--- a/project/views/views.py
+++ b/project/views/views.py
@@ -3,9 +3,9 @@
 from flask import request, jsonify
 from flask_jwt_extended import (create_access_token,create_refresh_token,
- get_jwt_identity,jwt_required)
+ get_jwt_identity,jwt_required,jwt_refresh_token_required)
 from project.views import views_bp
-from project.views.oauth import jwt, authenticate
+from project.views.oauth import authenticate
 class UserNotFoundException(Exception):
@@ -42,7 +42,7 @@ def login():
 if not user:
 raise UserNotFoundException("User not found!")
- access_token = create_access_token(identity=user.id)
+ access_token = create_access_token(identity=user.id,fresh=False)
 refresh_token = create_refresh_token(user.id)
 resp = jsonify({
@@ -79,3 +79,23 @@ def protected():
 resp.status_code = 200
 return resp
+
+@views_bp.route("/refresh-token",methods=["POST"])
+@jwt_refresh_token_required
+def refresh_token():
+ """
+ Refresh Token Method
+ ---
+ description: Refresh Access Tokens of the user
+ responses:
+ 200:
+ description: User has generated new access tokens
+ """
+ current_user = get_jwt_identity()
+ access_token = create_access_token(identity=current_user,fresh=False)
+ resp = jsonify({"access_token": str(access_token, "utf-8")})
+
+ resp.status_code = 200
+ resp.headers.extend({'jwt-token': access_token})
+ return resp
+
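Review bot: Passing `fresh=False` in the login() hunk of PATCH 2/2 marks the one token issued right after a credential check as non-fresh, which is the reverse of how the fresh/non-fresh split is meant to be used. login() appears to be where the caller has just authenticated, so that token should be the fresh one and only tokens minted by the refresh route should be non-fresh. With both set to False, any view later guarded by `fresh_jwt_required` could never be reached, and password or e-mail changes could not be restricted to recently authenticated sessions. Suggested line: `access_token = create_access_token(identity=user.id, fresh=True)`. login() continues outside the hunk.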
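Review bot: refresh_token() issues a new access token for whatever identity a valid refresh token carries, and nothing in the hunk checks that the identity still maps to an active user or that the token has been revoked. Refresh tokens are long-lived, so a leaked one keeps working after logout or a password change unless revocation is configured. Flask-JWT-Extended 3.x offers this through `JWT_BLACKLIST_ENABLED` and a `token_in_blacklist_loader` callback; whether the app sets them cannot be seen from this diff, so confirm it or add it with this route. The token is also returned twice, in the JSON body and in the `jwt-token` response header. The header copy is the one more likely to land in proxy logs, so keep `resp.headers.extend({'jwt-token': access_token})` only if SwaggerUI needs it on this endpoint.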