如何在没有邮递员的情况下传递令牌

时间:2020-06-05 07:00:24

标签: python android flask jwt access-token

我正在使用flask和jwt在android中构建应用; 如何将令牌传递到路线? 这是我的登录名:

   @app.route('/login', methods=['POST'])
def login_user():
    user_info = request.get_json()
    user_obj = User.query.filter_by(username = user_info['username']).first()
    if user_obj is not None:
        if user_info['password'] == user_obj.password:
            token = create_access_token(identity = user_obj.username)
            return jsonify({'access_token':token})

和我的受保护路线:

@app.route('/jwt/users', methods = ['GET'])
@jwt_required
def get_all_users():
    current_user = get_jwt_identity()
    return jsonify({"result": current_user})

现在如何在没有邮递员的情况下将在登录名中创建的令牌传递到受保护的路由?我正在使用android studio作为客户端。

这是我的app.config:

app.config['JWT_TOKEN_LOCATION'] = ['headers', 'query_string']
app.config['JWT_SECRET_KEY'] = 'this-is-the-secret-key'

(稍后将退出Obv更改密钥)

1 个答案:

答案 0 :(得分:0)

将令牌作为header的一部分传递到受保护的端点。

看示例here 

$ curl http://localhost:5000/protected
{
  "msg": "Missing Authorization Header"
}

$ curl -H "Content-Type: application/json" -X POST \
  -d '{"username":"test","password":"test"}' http://localhost:5000/login
{
  "access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJmcmVzaCI6dHJ1ZSwianRpIjoiZjhmNDlmMjUtNTQ4OS00NmRjLTkyOWUtZTU2Y2QxOGZhNzRlIiwidXNlcl9jbGFpbXMiOnt9LCJuYmYiOjE0NzQ0NzQ3OTEsImlhdCI6MTQ3NDQ3NDc5MSwiaWRlbnRpdHkiOiJ0ZXN0IiwiZXhwIjoxNDc0NDc1NjkxLCJ0eXBlIjoiYWNjZXNzIn0.vCy0Sec61i9prcGIRRCbG8e9NV6_wFH2ICFgUGCLKpc"
}

$ export ACCESS="eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJmcmVzaCI6dHJ1ZSwianRpIjoiZjhmNDlmMjUtNTQ4OS00NmRjLTkyOWUtZTU2Y2QxOGZhNzRlIiwidXNlcl9jbGFpbXMiOnt9LCJuYmYiOjE0NzQ0NzQ3OTEsImlhdCI6MTQ3NDQ3NDc5MSwiaWRlbnRpdHkiOiJ0ZXN0IiwiZXhwIjoxNDc0NDc1NjkxLCJ0eXBlIjoiYWNjZXNzIn0.vCy0Sec61i9prcGIRRCbG8e9NV6_wFH2ICFgUGCLKpc"

$ curl -H "Authorization: Bearer $ACCESS" http://localhost:5000/protected
{
  "logged_in_as": "test"
}
相关问题
最新问题