An open source Flask extension that provides JWT support (with batteries included)!
MIT License
Published by vimalloc over 3 years ago
Published by vimalloc almost 4 years ago
JWT_ENCODE_ISSUER option
Published by vimalloc almost 5 years ago
Published by vimalloc about 5 years ago
headers kwarg when making new tokens or via the jwt_manager.additional_headers_loader decorator. These headers can be accessed in your endpoints via the get_raw_jwt_header function. Thanks @iamajay for this feature! (#271)
Published by vimalloc about 5 years ago
Published by vimalloc about 5 years ago
Published by vimalloc about 5 years ago
JWT_DECODE_ISSUER option for use with other JWT providers (#259)
Published by vimalloc over 5 years ago
JWT_TOKEN_LOCATION. Thanks @stephendwolff! (#256)
Published by vimalloc over 5 years ago
Published by vimalloc over 5 years ago
JWT_SESSION_COOKIE = False creating a cookie that was too long in the future for some browsers (#243). Thanks @allen-cook!
Published by vimalloc over 5 years ago
decode_token on an expired token. This issue was introduced in 3.16.0. (#234)
1.6.4 or newer (#238)
Published by vimalloc over 5 years ago
user_claims argument to create_access_token and create_refresh_token functions (#229). Thanks @jeanphix
datetime.datetime (such as dateutil) will now work with extension (#233). Thanks @abathur
Published by vimalloc over 5 years ago
JWT_ACCESS_TOKEN_EXPIRES and JWT_REFRESH_TOKEN_EXPIRES settings. (#226) Thanks @evangilo!
Published by vimalloc over 5 years ago
This release changes how the @jwt.expired_token_loader callback function works. Before this release the callback function took no arguments. Now it will take one argument which is the decoded contents of the expired token. This lets you customize the expired token callback based on the token that was received. For example:
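
    from flask import jsonify

    # jwt is your application's JWTManager instance.

    # Old way: the callback takes no arguments (deprecated)
    @jwt.expired_token_loader
    def old_expired_callback():
        return jsonify(foo='bar'), 401

    # New way: the callback receives the decoded contents of the expired token
    @jwt.expired_token_loader
    def new_expired_callback(expired_token):
        if expired_token['type'] == 'access':
            return jsonify(foo='bar'), 401
        else:
            return jsonify(foo='baz'), 401
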
The old way will still work; updating to this version will not break your software out from under you. You will, however, receive a deprecation warning when using that way. To fix this, simply add an additional argument to your callback function for the expired token.
Published by vimalloc almost 6 years ago
JWT_DECODE_LEEWAY option (#218). Thanks @otetard!
Published by vimalloc almost 6 years ago
In this release we are modifying how decoded tokens work, so that this extension can be more easily used by other JWT providers (#212). The important changes in this release are:
JWT_DECODE_AUDIENCE configuration option, for using the aud claim in JWTs
decode_key_callback() function to now take the unverified headers as well as the unverified claims as arguments. If you have existing code that only takes one argument, it will still work, but you will see a deprecation warning when it is called. You should update your callback to take a second parameter to fix that. As an example decode_key(claims) would become decode_key(claims, headers).
jti claim doesn't exist in a token, it will now be set to None in the decoded dictionary instead of raising an error
type claim doesn't exist in a token, it will be marked as an access token and 'type': 'access' will be set in the decoded dictionary
fresh claim doesn't exist in a token, it will be marked as a non-fresh token and 'fresh': False will be set in the decoded dictionary
Many thanks to @acrossen for making this release possible!
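The two-argument callback shape and the claim defaults listed above, as an added stdlib-only sketch (not flask-jwt-extended's own code): because the callback receives unverified claims and headers, it only selects a key from an allow-list, and the defaults are filled in after the signature check. TRUSTED_KEYS, decode, make_token, the issuer URL, key id and secret are hypothetical or constructed; expiry and audience checks are left out.

```python
import base64
import hashlib
import hmac
import json

# Constructed sample data: issuer -> key id -> HMAC secret (all hypothetical).
TRUSTED_KEYS = {"https://idp.example": {"k1": b"constructed-secret-1"}}

def b64url_decode(part):
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def decode_key(claims, headers):
    """Callback shape from the notes. Both inputs are UNVERIFIED, so they may
    only select a key from the allow-list, never supply or locate one."""
    iss, kid = claims.get("iss"), headers.get("kid")
    if not (isinstance(iss, str) and isinstance(kid, str)):
        raise ValueError("iss and kid must be strings")
    key = TRUSTED_KEYS.get(iss, {}).get(kid)
    if key is None:
        raise ValueError("unknown issuer or key id")
    return key

def decode(token):
    head_b64, body_b64, sig_b64 = token.split(".")
    headers = json.loads(b64url_decode(head_b64))
    claims = json.loads(b64url_decode(body_b64))
    if not (isinstance(headers, dict) and isinstance(claims, dict)):
        raise ValueError("header and payload must be JSON objects")
    if headers.get("alg") != "HS256":  # pin the algorithm, ignore the token's wish
        raise ValueError("unexpected alg")
    key = decode_key(claims, headers)
    signed = f"{head_b64}.{body_b64}".encode()
    expected = hmac.new(key, signed, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    # Defaults the notes describe for tokens minted by other providers.
    claims.setdefault("jti", None)
    claims.setdefault("type", "access")
    claims.setdefault("fresh", False)
    return claims

def make_token(claims, kid, key):
    """Builds a constructed HS256 token for exercising decode()."""
    head = b64url_encode(json.dumps({"alg": "HS256", "kid": kid}).encode())
    body = b64url_encode(json.dumps(claims).encode())
    sig = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{b64url_encode(sig)}"
```

With these defaults, a token from another provider that carries no type claim is handled as a non-fresh access token, so endpoints that need a fresh token still reject it.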
Published by vimalloc about 6 years ago
Published by vimalloc about 6 years ago
decode_key_loader and encode_key_loader. The decode callback is passed in the unverified JWT claims, and must return a string that will be used to decode and verify the JWT. The encode callback is passed in the identity (as passed in to the create_access_token or create_refresh_token functions) and must return a string that will be used to encode a JWT. If unset, the JWT_SECRET_KEY, JWT_PUBLIC_KEY, or JWT_PRIVATE_KEY will still be used as appropriate.
Published by vimalloc about 6 years ago
Published by vimalloc over 6 years ago