
A Flask extension for creating, verifying, and requiring the presence of JWTs

Project description

Flask_PyJWT is a Flask extension for adding authentication and authorization via JWT tokens. Routes can be decorated to require a JWT auth token or refresh token, and can additionally require that other claims are present with specific values.

Installation

Flask_PyJWT can be installed with pip:

pip install Flask_PyJWT

Python 3.8 or higher is officially supported. Other Python 3.x versions may work but have not been tested.

Currently only Flask 1.1.x is officially supported. Flask 2.x may work but has not been tested.

Documentation

The documentation is hosted on Read the Docs.

You can find the Flask_PyJWT documentation at https://flask-pyjwt.readthedocs.io/

Configuration

Flask_PyJWT's configuration variables are read from the Flask application's config and all start with the prefix "JWT_".

Required values

JWT_ISSUER

(str): The issuer of the JWT. Usually the name of your website/API.

JWT_AUTHTYPE

(str): The type of authentication to use for JWTs (HMAC-SHA256, HMAC-SHA512, RSA-SHA256, RSA-SHA512).

Accepted values:

  • HS256

  • HS512

  • RS256

  • RS512

JWT_SECRET

(str | bytes): The secret key or RSA private key used to sign JWTs.

If JWT_AUTHTYPE is HS256 or HS512, a str is required. If JWT_AUTHTYPE is RS256 or RS512, a bytes-encoded RSA private key is required.

Optional values

JWT_AUTHMAXAGE

(int): The maximum time, in seconds, for which an auth JWT is considered valid.

JWT_REFRESHMAXAGE

(int): The maximum time, in seconds, for which a refresh JWT is considered valid.

JWT_PUBLICKEY

(str | bytes): The RSA public key used to verify JWTs when JWT_AUTHTYPE is set to RS256 or RS512.
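The configuration rules above, checked once before the app starts, as an added example that is not part of Flask_PyJWT: build_jwt_config (a hypothetical helper) applies the str/bytes rule for each JWT_AUTHTYPE, rejects HMAC secrets shorter than the hash output, and requires JWT_PUBLICKEY for RS256/RS512. The 32/64-byte minimums follow RFC 7518 section 3.2; the PEM marker check is this example's own sanity check, not the library's parsing.

```python
import secrets

ACCEPTED_AUTHTYPES = ("HS256", "HS512", "RS256", "RS512")
# RFC 7518 section 3.2: an HMAC key must be at least as long as the hash output.
MIN_HMAC_KEY_BYTES = {"HS256": 32, "HS512": 64}

def generate_hmac_secret(authtype):
    """Return a fresh random str secret long enough for the given HS* type."""
    return secrets.token_hex(MIN_HMAC_KEY_BYTES[authtype])

def build_jwt_config(issuer, authtype, secret, public_key=None,
                     auth_max_age=3600, refresh_max_age=604800):
    """Return the JWT_* entries for app.config, raising ValueError on a bad combination."""
    if authtype not in ACCEPTED_AUTHTYPES:
        raise ValueError(f"JWT_AUTHTYPE must be one of {ACCEPTED_AUTHTYPES}")
    if not 0 < auth_max_age <= refresh_max_age:
        raise ValueError("JWT_AUTHMAXAGE must be positive and <= JWT_REFRESHMAXAGE")
    config = {"JWT_ISSUER": issuer, "JWT_AUTHTYPE": authtype,
              "JWT_AUTHMAXAGE": auth_max_age, "JWT_REFRESHMAXAGE": refresh_max_age}
    if authtype.startswith("HS"):
        # HS256/HS512 take a str secret; a short or guessable one makes forgery cheap
        if not isinstance(secret, str):
            raise ValueError("JWT_SECRET must be a str for HS256/HS512")
        if len(secret.encode("utf-8")) < MIN_HMAC_KEY_BYTES[authtype]:
            raise ValueError(f"JWT_SECRET must be at least {MIN_HMAC_KEY_BYTES[authtype]} bytes")
        config["JWT_SECRET"] = secret
    else:
        # RS256/RS512 take a PEM private key as bytes plus the matching public key.
        # Marker check only (this example's choice); the library parses the PEM itself.
        if not isinstance(secret, bytes) or b"PRIVATE KEY" not in secret:
            raise ValueError("JWT_SECRET must be a PEM RSA private key as bytes for RS256/RS512")
        if not public_key:
            raise ValueError("JWT_PUBLICKEY is required for RS256/RS512")
        config["JWT_SECRET"] = secret
        config["JWT_PUBLICKEY"] = public_key
    return config

def config_problem(*args, **kwargs):
    """Return the ValueError message for a rejected config, or None if it is accepted."""
    try:
        build_jwt_config(*args, **kwargs)
    except ValueError as err:
        return str(err)
    return None

if __name__ == "__main__":
    # The usage example's placeholder secret "SECRETKEY" is rejected as too short
    print("rejected:", config_problem("Flask_PyJWT", "HS256", "SECRETKEY"))
    cfg = build_jwt_config("Flask_PyJWT", "HS256", generate_hmac_secret("HS256"))
    print({k: v for k, v in cfg.items() if k != "JWT_SECRET"})
```

The returned dict is what you would pass to app.config.update() before creating AuthManager(app) as in the usage example.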

Example usage

from flask import Flask, request
from flask_pyjwt import AuthManager, current_token, require_token

app = Flask(__name__)
app.config["JWT_ISSUER"] = "Flask_PyJWT" # Issuer of tokens
app.config["JWT_AUTHTYPE"] = "HS256" # HS256, HS512, RS256, or RS512
app.config["JWT_SECRET"] = "SECRETKEY" # string for HS256/HS512, bytes (RSA Private Key) for RS256/RS512; use a long random value in production
app.config["JWT_AUTHMAXAGE"] = 3600 # auth tokens valid for 1 hour
app.config["JWT_REFRESHMAXAGE"] = 604800 # refresh tokens valid for 7 days

auth_manager = AuthManager(app)

# valid_login() and get_user_authorizations() below are supplied by your application

# Create auth and refresh tokens with the auth_manager object
@app.route("/login", methods=["POST"])
def post_token():
    username = request.form["username"]
    password = request.form["password"]
    # Some user authentication via username/password
    if not valid_login(username, password):
        return {"error": "Invalid login credentials"}, 401
    # Retrieve some authorizations the user has, such as {"admin": True}
    authorizations = get_user_authorizations(username)
    # Create the auth and refresh tokens
    auth_token = auth_manager.auth_token(username, authorizations)
    refresh_token = auth_manager.refresh_token(username)
    return {
        "auth_token": auth_token.signed,
        "refresh_token": refresh_token.signed
    }, 200

# Protect routes by requiring auth tokens
@app.route("/protected_route")
@require_token()
def protected_route():
    return {"message": "You've reached the protected route!"}, 200

# Provision new auth tokens by requiring refresh tokens
@app.route("/refresh", methods=["POST"])
@require_token("refresh")
def refresh_token_route():
    username = current_token.sub
    # Retrieve some authorizations the user has, such as {"admin": True}
    authorizations = get_user_authorizations(username)
    new_auth_token = auth_manager.auth_token(username, authorizations)
    return {
        "auth_token": new_auth_token.signed
    }, 200

# Require specific claims in auth or refresh tokens
# to match a route's rule variables
@app.route("/user_specific_route/<string:username>")
@require_token(sub="username")
def user_specific_route(username):
    return {"message": f"Hello, {username}!"}, 200

# Require arbitrary claims in auth or refresh tokens
@app.route("/custom_claim_route")
@require_token(custom_claim="Arbitrary Required Value")
def custom_claim_route():
    return {"message": "You've reached the custom claim route!"}, 200

# Require authorizations to be present in an auth token's scope
@app.route("/admin_dashboard")
@require_token(scope={"admin": True})
def admin_dashboard():
    return {"message": "Hello admin!"}, 200

# Access the current token's information using current_token
@app.route("/token/info")
@require_token()
def extract_token_info():
    return {
        "token_type": current_token.token_type,
        "subject": current_token.sub,
        "scope": current_token.scope,
        "claims": current_token.claims,
        "is_signed": current_token.is_signed(),
        "signed_token": current_token.signed,
    }

# Require authorization to be present in an auth token's scope or claims, but
# with the option to override those values with other claims
@app.route("/overridable_route/<string:username>")
@require_token(sub="username", override={"admin": True})
def overridable_route(username):
    is_admin = current_token.claims.get("admin")
    return {"message": f"Hello, {'admin' if is_admin else username}!"}, 200

Project details

Download files

Source distribution: flask_pyjwt-0.1.9.tar.gz (14.6 kB)

Built distribution: flask_pyjwt-0.1.9-py3-none-any.whl (14.9 kB, py3)