Questions tagged [flask-jwt-extended]

Flask-JWT-Extended is an opinionated Flask extension that adds support for using JSON Web Tokens (JWT) to protect views. It also has many helpful (and optional) features built in to make working with JSON Web Tokens easier.

111 questions
0 votes, 1 answer

Flask-JWT-Extended set cookies with double submit cookie method, prevent HTTP-only cookie

I'm using Flask-JWT-Extended and the double submit cookie method from there for my Flask backend and React frontend. So when a user logs in from the frontend, the backend sets a total of 4 different cookies: csrf_access_token, csrf_refresh_token,…
Jessi
0 votes, 0 answers

How do I access the Response Headers and Cookies in Angular 8

I am trying to send csrf_access_token as part of my PUT requests. When I am logging in, I am generating the access token and sending it as part of my cookies. So I need to fetch the tokens from cookies and send it as part of headers as X-CSRF-TOKEN…
Aditya
0 votes, 0 answers

Flask : auto-refresh access token with cookie

I am building an application using Flask and refresh/access tokens. I am at the part where I refresh the access token if it is close to expiring. Regarding the doc:…
kilag
0 votes, 1 answer

Flask app doesn't register jwt.user_lookup_loader, Flask-JWT-Extended

I have a Flask app with blueprints. It worked just fine, but then I decided to use flask_jwt_extended to handle tokens. It is said in the docs that I can decorate a method with jwt.user_lookup_loader to have current_user working. But for some reason…
Michail Highkhan
0 votes, 1 answer

Setting Refresh Token Signing Key to User's Hashed Password Using Flask_jwt_extended

I am new to Flask. I was trying to set the refresh token's signing key as the user's hashed password. I only want the refresh token's signing key to contain the user's hashed password and not the access token. I went through the flask_jwt_extended docs…
Aditya Kurkure
0 votes, 1 answer

flask_jwt_extended not checking for X-CSRF-TOKEN in header

I have the following request being sent in React Native: const getData = async (cookie) => { const resp = await fetch('/some_info'); const data = await resp.json(); console.log(data) } as you can see I purposefully did not add the…
39fredy
0 votes, 1 answer

Adding JWT to cookie at login using flask security

Description: I'm trying to set the jwt token at login using flask_jwt_extended.set_access_cookies and flask_jwt_extended.set_refresh_cookies but the issue is that I cannot set this at the /login endpoint because that is auto created by…
39fredy
0 votes, 0 answers

Can't Logout when hold a button in Flask-JWT-Extended template

I created an application with templates and resources (Flask-RESTful). Every time I click on Logout from my HomePage it redirects me to the Login form, but doesn't clear the previous token, so I can visit the Homepage without any errors class…
0 votes, 0 answers

Flask jwt extended + AngularJS with CSRF token

I am challenging an issue with my Flask server. I am trying to make JWT authentication with flask-jwt-extended. When I enable JWT_COOKIE_CSRF_PROTECT everything works just fine and response on /login is sent with csrf_access_token and…
0 votes, 1 answer

Flask JWT Extended- Different locations for access_token (header) & refresh_token(httpOnly cookie)

How to configure a Flask app with flask-jwt-extended for which we need something like below. AccessToken/Bearer must be sent as a Header (and not cookie). RefreshToken must be sent as httpOnlyCookie for /api/refreshtoken path only. How to set two different…
Raxit Sheth
0 votes, 1 answer

Flask-JWT-Ext get_current_user(), get_jwt_identity() returns None despite having tokens

Thanks for taking a look. I am trying to implement Flask-JWT-Ext. I have redis blacklist implemented in order to revoke my tokens. I am trying to use get_current_user(), get_jwt_identity() etc but it is returning None, despite passing in the access…
anongal
0 votes, 1 answer

Checking for JWT ALG

I'm using flask-jwt-extended library for my authentication, everything works but I want to check if someone sent a manipulated JWT token with ALG = none, since that's a known vulnerable point that's used to deceive the server. I looked into the…
Hi There
0 votes, 0 answers

Flask-JWT-Extended not working on firefox

I am setting the flask JWT flask_jwt_extended (https://flask-jwt-extended.readthedocs.io/en/stable/basic_usage/) cookies to flask response object as below: def set_token_over_cookies(response, user_name, fresh = False): access_token,…
rughimire
0 votes, 0 answers

Why does get_jwt_identity() return None even with jwt_required when accessing access_token_cookie in Flask Restful?

Hello all, I'm using Flask Restful with Flask Jwt Extended to make a schedule maker, and am trying to use cookies. I've succeeded in getting the cookie and retrieving it. I have an endpoint below that requires jwt (jwt_required) that recognizes the…
0 votes, 0 answers

Why does get_jwt_identity() return None even with jwt_required when accessing access_token_cookie in Flask Restful?

I'm using Flask Restful with Flask Jwt Extended to make a schedule maker, and am trying to use cookies. I've succeeded in getting the cookie and retrieving it. I have an endpoint below that requires jwt (jwt_required) that recognizes the cookie and…
Wheel