I am trying to refresh a JWT token from the code here. The issue is with how to get the new token with the refresh.
This works:
curl http://127.0.0.1:5000/protected
{"msg":"Missing Authorization Header"}
This works and I get my token and put it in ACCESS
curl -H "Content-Type: application/json" -X POST -d '{"username":"test","password":"test"}' http://localhost:5000/login
This works and I get my username
curl -H "Authorization: Bearer $ACCESS" http://localhost:5000/protected
But when the token expires, how do I get curl with my refresh token and/or access token to get my new access token? I've tried numerous POSTs and nothing seems to work:
https://flask-jwt-extended.readthedocs.io/en/latest/refresh_tokens.html
from flask import Flask, jsonify, request
from flask_jwt_extended import (
    JWTManager, jwt_required, create_access_token,
    jwt_refresh_token_required, create_refresh_token,
    get_jwt_identity
)
# Note: this is the Flask-JWT-Extended 3.x API. In 4.x the decorators are
# called as @jwt_required() and @jwt_required(refresh=True).

app = Flask(__name__)
app.config['JWT_SECRET_KEY'] = 'super-secret'  # Change this!
jwt = JWTManager(app)


@app.route('/login', methods=['POST'])
def login():
    username = request.json.get('username', None)
    password = request.json.get('password', None)
    if username != 'test' or password != 'test':
        return jsonify({"msg": "Bad username or password"}), 401

    # Use create_access_token() and create_refresh_token() to create our
    # access and refresh tokens
    ret = {
        'access_token': create_access_token(identity=username),
        'refresh_token': create_refresh_token(identity=username)
    }
    return jsonify(ret), 200


# The jwt_refresh_token_required decorator ensures a valid refresh
# token is present in the request before calling this endpoint. We
# can use the get_jwt_identity() function to get the identity of
# the refresh token, and use the create_access_token() function again
# to make a new access token for this identity.
@app.route('/refresh', methods=['POST'])
@jwt_refresh_token_required
def refresh():
    current_user = get_jwt_identity()
    ret = {
        'access_token': create_access_token(identity=current_user)
    }
    return jsonify(ret), 200


@app.route('/protected', methods=['GET'])
@jwt_required
def protected():
    username = get_jwt_identity()
    return jsonify(logged_in_as=username), 200


if __name__ == '__main__':
    app.run()
The access token (a JWT) is used for accessing protected routes on the API, and the refresh token is used for generating new access tokens when (or just before) they expire.
With an OAuth2 server you would POST grant_type=refresh_token, the refresh token and, if required, the client credentials to the token endpoint. Flask-JWT-Extended does not use that grant format: the refresh token is presented as a bearer token in the Authorization header of a request to the app's own refresh route.
A refresh token is a long-lived JWT that can only be used to create new access tokens. Each token carries its type, so a refresh token is rejected by routes protected with jwt_required, and an access token is rejected by the refresh route.
When an access token has expired, the client sends the refresh token, Flask-JWT-Extended verifies it and returns a new, valid access token, and the user keeps using that new access token for the protected services. This repeats every time the current access token expires, until the refresh token itself expires (30 days by default, against 15 minutes for access tokens) and the user must log in again.
The older Flask-JWT extension provides only a minimal set of features for token-based authentication, which becomes restricting as an app grows; Flask-JWT-Extended adds refresh tokens among other things.
Sending two tokens instead of one only pays off if the refresh token is handled more carefully than the access token: the access token is short-lived, so even a compromised one expires quickly, while the refresh token should be kept out of client-side JavaScript (for example in an HttpOnly cookie, which Flask-JWT-Extended supports via JWT_TOKEN_LOCATION = ['cookies']) and sent only to the refresh route. Note that the app above returns the refresh token in the JSON body, so any script that reads the login response can see it.
Try:
curl -H "Authorization: Bearer $REFRESH" -X POST http://localhost:5000/refresh
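A self-contained walk-through of the flow that the curl command above (and the explanation of refresh tokens before it) describes, added here as an example; it is not the question's app and not Flask-JWT-Extended's code. It uses only the Python standard library to mint HS256 tokens carrying a type claim of access or refresh, the same distinction Flask-JWT-Extended enforces, and checks the outcomes a practitioner should confirm: a fresh access token works, an access token presented to the refresh step is refused as the wrong type, an expired access token is refused, a refresh token yields a new working access token, and a payload edited to claim another identity fails signature verification. The secret, lifetimes, fixed timestamps and the test/test user are assumed placeholders.

```python
import base64
import hashlib
import hmac
import json

SECRET = b"super-secret"        # placeholder, like the question's; change it!
ACCESS_TTL = 15 * 60            # seconds; Flask-JWT-Extended's default access lifetime
REFRESH_TTL = 30 * 24 * 3600    # seconds; its default refresh lifetime


class TokenError(Exception):
    """Raised for any token that must not be trusted."""


def _b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")

def _unb64url(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _json_b64(obj) -> str:
    return _b64url(json.dumps(obj, separators=(",", ":")).encode())

def _sign(signing_input: bytes) -> str:
    return _b64url(hmac.new(SECRET, signing_input, hashlib.sha256).digest())


def make_token(identity: str, token_type: str, ttl: int, now: int) -> str:
    """Mint an HS256 JWT; the 'type' claim is what tells access and refresh tokens apart."""
    header = _json_b64({"alg": "HS256", "typ": "JWT"})
    payload = _json_b64({"identity": identity, "type": token_type,
                         "iat": now, "exp": now + ttl})
    signing_input = f"{header}.{payload}".encode()
    return f"{header}.{payload}.{_sign(signing_input)}"


def verify(token: str, expected_type: str, now: int) -> dict:
    """Return the claims only if signature, algorithm, expiry and type all check out."""
    parts = token.split(".")
    if len(parts) != 3:
        raise TokenError("Not enough segments")
    header_b64, payload_b64, sig = parts
    # Signature first, with a constant-time compare, before any claim is trusted.
    if not hmac.compare_digest(sig, _sign(f"{header_b64}.{payload_b64}".encode())):
        raise TokenError("Signature verification failed")
    if json.loads(_unb64url(header_b64)).get("alg") != "HS256":
        raise TokenError("Unexpected alg")
    claims = json.loads(_unb64url(payload_b64))
    if claims.get("exp", 0) <= now:
        raise TokenError("Token has expired")
    if claims.get("type") != expected_type:
        raise TokenError(f"Only {expected_type} tokens are allowed")
    return claims


# The three routes of the question's app, as plain functions taking the bearer string.
def login(username: str, password: str, now: int):
    if username != "test" or password != "test":   # hard-coded demo user, as in the question
        return None
    return {"access_token": make_token(username, "access", ACCESS_TTL, now),
            "refresh_token": make_token(username, "refresh", REFRESH_TTL, now)}

def refresh(bearer: str, now: int) -> dict:
    identity = verify(bearer, "refresh", now)["identity"]
    return {"access_token": make_token(identity, "access", ACCESS_TTL, now)}

def protected(bearer: str, now: int) -> dict:
    return {"logged_in_as": verify(bearer, "access", now)["identity"]}


def walkthrough() -> dict:
    """Drive the whole flow with a fixed clock and collect what each step returns."""
    t0 = 1_700_000_000                         # assumed fixed login time
    out = {}
    tokens = login("test", "test", t0)
    out["fresh"] = protected(tokens["access_token"], t0 + 60)["logged_in_as"]
    try:                                       # access token on the refresh route: wrong type
        refresh(tokens["access_token"], t0 + 60)
    except TokenError as e:
        out["refresh_with_access"] = str(e)
    t1 = t0 + ACCESS_TTL + 1                   # just past the access lifetime
    try:
        protected(tokens["access_token"], t1)
    except TokenError as e:
        out["expired"] = str(e)
    renewed = refresh(tokens["refresh_token"], t1)
    out["after_refresh"] = protected(renewed["access_token"], t1 + 60)["logged_in_as"]
    # Re-use the original signature over a payload that now claims to be 'admin'.
    h, p, s = tokens["access_token"].split(".")
    forged = dict(json.loads(_unb64url(p)), identity="admin")
    try:
        protected(f"{h}.{_json_b64(forged)}.{s}", t0 + 60)
    except TokenError as e:
        out["forged"] = str(e)
    return out


if __name__ == "__main__":
    for step, result in walkthrough().items():
        print(f"{step}: {result}")
```

The order of checks in verify is deliberate: the signature is verified before any claim is read, so an attacker cannot steer the code path with a forged alg or type, and expiry is checked before type so an expired refresh token is reported as expired rather than silently accepted. The same ordering is why, with the real library, an expired access token sent to /refresh is reported as expired rather than as the wrong token type.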