Decoding jwt is missing "jti" #3
Comments
It seems to work for me. Did you make any changes which would cause flask reloader to kick in after generating your access/refresh tokens? In that example app, the blacklist is enabled, but we are storing the token data in memory, so if the flask app restarts, your token is still valid, but it cannot find it in the blacklist store (this is why redis/memcached/sqlalchemy should be used in prod).
Oh, you mean if no token was supplied to the call. Yeah, that is the default handler for that error case. You can change it with the invalid_token_loader decorator. See this file https://github.com/vimalloc/flask-jwt-extended/blob/master/flask_jwt_extended/jwt_manager.py
That said, I think that can be done better. I'll look at it more today.
Actually, now that I'm actually sitting down and looking at it, I am unable to duplicate it. Can you verify it wasn't a flask refresh thing?
I'm using PAW and terminal and still able to reproduce it. I'm not sure what flask refresh thing you are referring to.
MYUSERNAME$ curl -H "Content-Type: application/json" -X POST -d '{"username":"test1","password":"abc123"}' http://localhost:5001/auth/login
{
"access_token": "eyJhbGciOiJIUzUxMiIsInR5cCI6IkpXVCJ9.eyJ1c2VyX2NsYWltcyI6eyJpcCI6IjEyNy4wLjAuMSIsInR5cGUiOiJyZXN0cmljdGVkIn0sImp0aSI6IjAyOTNmYWE2LTRjMjYtNGJhMS1hNmRjLWUzMDYzNDExNzg2YiIsImV4cCI6MTQ3NDMxOTA0MiwiZnJlc2giOnRydWUsImlhdCI6MTQ3NDMxNTQ0MiwidHlwZSI6ImFjY2VzcyIsIm5iZiI6MTQ3NDMxNTQ0MiwiaWRlbnRpdHkiOiJ0ZXN0MSJ9.LbIzIr9DA4XeRoinDOzp9tmM4R8yHR6ZgLwe3_wqZGueJD5fwoYZO4bTu-MqR0wysU2gW43ULrowYlKBMy0_GA",
"refresh_token": "eyJhbGciOiJIUzUxMiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiI2ODhlMzVlYS1iZGFkLTQ0MzYtODQzMi1jMmQ2MjUzMTQzNzEiLCJleHAiOjE0NzQ5MjAyNDIsImlhdCI6MTQ3NDMxNTQ0MiwidHlwZSI6InJlZnJlc2giLCJuYmYiOjE0NzQzMTU0NDIsImlkZW50aXR5IjoidGVzdDEifQ.wDSO6snzoDDKLwlpAktT2Ylh6EHzN0FRNMOkLPjGiDOStSCXkjuIS5wedA3y0KMqzSpv9OvbncyoKLb3cip7uQ"
}
MYUSERNAME$ export ACCESS="eyJhbGciOiJIUzUxMiIsInR5cCI6IkpXVCJ9.eyJ1c2VyX2NsYWltcyI6eyJpcCI6IjEyNy4wLjAuMSIsInR5cGUiOiJyZXN0cmljdGVkIn0sImp0aSI6IjAyOTNmYWE2LTRjMjYtNGJhMS1hNmRjLWUzMDYzNDExNzg2YiIsImV4cCI6MTQ3NDMxOTA0MiwiZnJlc2giOnRydWUsImlhdCI6MTQ3NDMxNTQ0MiwidHlwZSI6ImFjY2VzcyIsIm5iZiI6MTQ3NDMxNTQ0MiwiaWRlbnRpdHkiOiJ0ZXN0MSJ9.LbIzIr9DA4XeRoinDOzp9tmM4R8yHR6ZgLwe3_wqZGueJD5fwoYZO4bTu-MqR0wysU2gW43ULrowYlKBMy0_GA"
MYUSERNAME$ export REFRESH="eyJhbGciOiJIUzUxMiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiI2ODhlMzVlYS1iZGFkLTQ0MzYtODQzMi1jMmQ2MjUzMTQzNzEiLCJleHAiOjE0NzQ5MjAyNDIsImlhdCI6MTQ3NDMxNTQ0MiwidHlwZSI6InJlZnJlc2giLCJuYmYiOjE0NzQzMTU0NDIsImlkZW50aXR5IjoidGVzdDEifQ.wDSO6snzoDDKLwlpAktT2Ylh6EHzN0FRNMOkLPjGiDOStSCXkjuIS5wedA3y0KMqzSpv9OvbncyoKLb3cip7uQ"
MYUSERNAME$ curl -H "Authorization: Bearer $REFRESH" -X POST http://localhost:5001/auth/refresh
{
"msg": "Missing or invalid claim: jti"
}
Ok, got it. I'm currently using python3, and it looks like that breaks in python2. It is the isinstance check here:
    if 'jti' not in data or not isinstance(data['jti'], str):
        raise JWTDecodeError("Missing or invalid claim: jti")
Let me get the unittests done for this, and I'll go through and make sure it's compatible for both python2 and python3. Thanks!
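Added example, not part of the thread and not the project's own code: it decodes the payload of the refresh token from the curl session above and runs the quoted `jti` check against a configurable set of accepted types. On Python 2, `str` is the byte-string type while the standard `json` module returns `unicode` for decoded strings, so the example passes `bytes` to reproduce that strict check on Python 3. The helper names are hypothetical and `JWTDecodeError` is a local stand-in.

```python
import base64
import json
import sys

# Text types a decoded JSON string can have: `str` on Python 3,
# `str` or `unicode` (both subclasses of `basestring`) on Python 2.
TEXT_TYPES = (str,) if sys.version_info[0] >= 3 else (basestring,)  # noqa: F821


class JWTDecodeError(Exception):
    """Local stand-in for the exception named in the thread."""


def unverified_payload(token):
    """Decode the payload WITHOUT checking the signature (diagnostics only)."""
    segment = token.split(".")[1]
    segment += "=" * (-len(segment) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(segment.encode("ascii")).decode("utf-8"))


def check_jti(data, text_types=TEXT_TYPES):
    """Return the jti claim, or raise if it is absent or not an accepted type."""
    if "jti" not in data or not isinstance(data["jti"], text_types):
        raise JWTDecodeError("Missing or invalid claim: jti")
    return data["jti"]


def rejected_by(data, text_types):
    """True when check_jti() raises for the given accepted types."""
    try:
        check_jti(data, text_types)
    except JWTDecodeError:
        return True
    return False


# Refresh token copied from the curl session in the thread above.
REFRESH = (
    "eyJhbGciOiJIUzUxMiIsInR5cCI6IkpXVCJ9."
    "eyJqdGkiOiI2ODhlMzVlYS1iZGFkLTQ0MzYtODQzMi1jMmQ2MjUzMTQzNzEiLCJleHAiOjE0NzQ5MjAyNDIsImlhdCI6MTQ3NDMxNTQ0MiwidHlwZSI6InJlZnJlc2giLCJuYmYiOjE0NzQzMTU0NDIsImlkZW50aXR5IjoidGVzdDEifQ."
    "wDSO6snzoDDKLwlpAktT2Ylh6EHzN0FRNMOkLPjGiDOStSCXkjuIS5wedA3y0KMqzSpv9OvbncyoKLb3cip7uQ"
)

if __name__ == "__main__":
    claims = unverified_payload(REFRESH)
    print("jti:", check_jti(claims))
    # Python 2's `str` is a byte string, i.e. Python 3's `bytes`.
    print("rejected by a byte-string-only check:", rejected_by(claims, (bytes,)))
```

The token does carry a `jti`, so the "Missing or invalid claim" response comes from the type test rather than from the token itself.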
I get the following error when using the provided token back to the refresh link.
The refresh_token wasn't used in the process?
Header:
Authorization: Bearer