在我的JWT应用程序中刷新过期的Flask令牌后,我不知道如何继续请求流程。
我将access token和refresh token存储在各自的cookie中。
这是我现在的流程:
下面是我的装饰器函数,用于检查JWT令牌的有效性
def check_valid_jwt(f):
@wraps(f)
def wrapper():
print(request.cookies)
if 'access_token_cookie' in request.cookies:
print('Verify Signature')
# some code that verifies the JWT signature
print('Signature verification successful')
# some code that extracts claims from the token
if time.time() > claims['exp']:
print('Token is expired')
# some code that get the new access token using refresh token
# What am I supposed to do here after I get the refresh token and continue the request while adding the new token to access_token cookie?
return f()
return wrapper
这是我受保护的端点的样子:
@check_valid_jwt
def secretpage():
return render_template("/home/secret_page.html")
获取刷新令牌后,我想继续请求的流程并在cookie中添加新的access token,但是如果我在check_valid_jwt装饰器函数中添加它,则secretpage处理程序将不知道已经发布了新的access token。
我如何以这种方式进行操作:如果已发出新的access token,它将被添加到响应中。我在这里完成了吗,这不是Authentication流程的工作原理吗?
答案 0 :(得分:0)
最好的方法是创建用于JWT身份验证的中间件,而不是装饰器
from flask import Flask
class JWTAuthMiddleware(object):
def __init__(self, app):
self.app = app
def __call__(self, environ, start_response):
access_token = environ.get('HTTP_AUTHORIZATION', None)
# validate access token here and get new one if required by using refresh token
# you can also update the invalid token in the header here if you want
environ['HTTP_AUTHORIZATION'] = 'new access token'
return self.app(environ, start_response)
现在用这个包装实际的wsgi应用
app = Flask(__name__)
app.wsgi_app = JWTAuthMiddleware(app.wsgi_app)