Skip to content
No description, website, or topics provided.
Python
Branch: master
Clone or download
Latest commit 38d01d7 Oct 11, 2019
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
example JWT_ALGORITHMS Oct 9, 2019
flask_middleware_jwt files organized Oct 9, 2019
.gitignore first commit Oct 9, 2019
LICENSE first commit Oct 9, 2019
README.md update readme Oct 10, 2019
pypi.svg pypi svg Oct 9, 2019
requirements.txt first commit Oct 9, 2019
setup.py files organized Oct 9, 2019

README.md

Flask Middleware JWT

made-with-python PyPi download

drawing

This library was originally developed in a project where it was necessary to make usage of the same package among several smaller services on a microservice archictecture. It was needed that a JWT token was validated on requests, checking whether it had the required structure and if it hadn't expired.

Flask Middleware JWT aims to improve a flask micro-framework with a new way of authenticating your services. For further reading on it's functionalities, plase check our medium article.

Instalation

Run the command in shell:

pip3 install flask-middleware-jwt

App Configuration

Example on how to set your flask app configuration:

app.config possible values
MIDDLEWARE_URL_IDENTITY http://0.0.0.0:5000
MIDDLEWARE_VERIFY_ENDPOINT /token/verify
MIDDLEWARE_BEARER True or False
MIDDLEWARE_VERIFY_HTTP_VERB GET or POST
JWT_SECRET your secret
JWT_ALGORITHMS ['HS256']

Annotations

JWT Token

@middleware_jwt_required

Validates initially if tokens via headers in requests contains "Autorization" before your jwt token and returns an invalid token message otherwise.

Example - How to run

To start your app, please follow these instructions:
Navigate to the 'example' directory and execute either of the following commands on both 'identity' and 'your_app' folders:

flask run

or

python3 app.py

Once both services are up and running, use your prefered API Client, such as Postman to test your app.

Requests

Login:

For API Clients, input these parameters:

  • Headers:

Content-Type: application/json

  • POST

endpoint: http://127.0.0.1:5000/login

For Curl Commands:

curl -d '{"username": "test", "password": "test"}' -X POST -H "Content-Type: application/json" http://127.0.0.1:5000/login

A successful response should return you
{"access_token": "you_token"}


Token Verification:

For API Clients, input these parameters:

  • Headers:

Key: Authorization
Bearer: jwt token returned from login request

  • GET

endpoint: http://127.0.0.1:5000/your_path/verify

For Curl Commands:

curl -X GET -H "Authorization: Bearer you_token" http://127.0.0.1:5000/your_path/verify

Body of the message returned should be either related to your token integrity or in case of sucessful request:

{"message": "Authorization Valid"}


Test Response:

curl -X GET -H "Authorization: Bearer your_token" http://127.0.0.1:5001

Body of the message returned should be either related to your token integrity or in case of sucessful request:

Hello World!

License

Apache License, Version 2.0

You can’t perform that action at this time.