Manually validate flask-extended-jwt's access token


Author of flask-jwt-extended here. That's a great question. There is currently no supported way to do that in the extension; grabbing the token from the request and decoding it are tightly coupled together. This would be hard to de-couple because there are a lot of conditional things going on when the full decode chain runs. For example, checking the CSRF value only if the request is sent in via a cookie, or differentiating between an access and refresh token for the sake of the blacklisting feature.

A generalized function could be created; its signature would look something like decode_and_verify_jwt(encoded_token, is_access_token=True, check_csrf=False). However, this would complicate the rest of the code in flask_jwt_extended and be a rather confusing function to use for the general case.

I think in this case it would be easier just to add a fourth lookup in the extension, so you could use something like:

    app.config['JWT_TOKEN_LOCATION'] = ['headers', 'forms']
    app.config['JWT_FORM_KEY'] = 'access_token'
    # Use the rest of the application normally

If you want to make a ticket on the GitHub page so I can track this, I would be happy to work on it.
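
Added example, not code from flask-jwt-extended or its author: a standard-library version of the checks the answer lists (signature, expiry, access versus refresh type, optional CSRF), using the answer's hypothetical decode_and_verify_jwt signature. It assumes HS256 tokens that carry `type` and `csrf` claims; the `secret`, `csrf_value` and `now` parameters and the `make_token` helper are illustrative additions.

```python
import base64, hashlib, hmac, json, time

def _b64url_decode(part):
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def _b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def _sign(signing_input, secret):
    return hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()

def make_token(claims, secret):
    """Build an HS256 token; hypothetical helper used only to construct sample input."""
    header = _b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64url_encode(json.dumps(claims).encode())
    return f"{header}.{body}.{_b64url_encode(_sign(f'{header}.{body}', secret))}"

def decode_and_verify_jwt(encoded_token, secret, is_access_token=True,
                          check_csrf=False, csrf_value=None, now=None):
    """Return the claims, or raise ValueError naming the failed check."""
    try:
        header_b64, body_b64, sig_b64 = encoded_token.split(".")
        header = json.loads(_b64url_decode(header_b64))
        claims = json.loads(_b64url_decode(body_b64))
        signature = _b64url_decode(sig_b64)
        if not (isinstance(header, dict) and isinstance(claims, dict)):
            raise TypeError("header and payload must be JSON objects")
    except Exception:
        raise ValueError("malformed token") from None
    # Pin the algorithm on the server side; never let the token header pick it.
    if header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    if not hmac.compare_digest(signature, _sign(f"{header_b64}.{body_b64}", secret)):
        raise ValueError("bad signature")
    now = time.time() if now is None else now
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp <= now:
        raise ValueError("expired or missing exp")
    # A refresh token must not be accepted where an access token is expected.
    if claims.get("type") != ("access" if is_access_token else "refresh"):
        raise ValueError("wrong token type")
    if check_csrf:  # only meaningful when the token arrived in a cookie
        token_csrf = str(claims.get("csrf", "")).encode()
        sent_csrf = str(csrf_value or "").encode()
        if not token_csrf or not hmac.compare_digest(token_csrf, sent_csrf):
            raise ValueError("csrf mismatch")
    return claims
```

The blacklisting check the answer mentions is not covered here; it would be a lookup of the token's identifier against the application's revocation store after the type check.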