我正在为每个请求刷新访问令牌,并将上一个令牌列入黑名单。问题是如果有多个连续的请求,则下一个请求会使第一个令牌无效。在flask-jwt-extended中是否存在在将令牌列入黑名单之前实现宽限期的功能?
我正在阅读文档,但找不到此功能。你们可以指导我正确的道路以实现我的目标吗?
答案 0 :(得分:1)
There is not a way to do this built into the extension. Because Flask-JWT-Extended doesn't have any knowledge of the store you are using to blacklist tokens it wouldn't really make sense to have that be a feature of this extension.
However, because you control the method that checks if a token is revoked or not this would be pretty easy to do. When you store a token to be blacklisted, you can store the timestamp for when it was blacklisted. Then in your callback function that checks if a token is blacklisted, you can compare that timestamp of when the token was blacklisted with the current time minus a timedelta to give the resulting check a grace period.
It might also be a good idea to read this for some alternatives for creating a new token on every request: Flask JWT extend validity of token on each request