Changing Default Behaviors
We provide what we think are sensible behaviors when attempting to access a protected endpoint. If the access token is not valid for any reason (missing, expired, tampered with, etc.) we will return JSON in the format of {'msg': 'why accessing endpoint failed'} along with an appropriate HTTP status code (generally 401 or 422). However, you may want to customize what you return in these situations. You can do that with the JWTManager *_loader functions, each of which registers a callback that replaces the default response for one failure case.
from flask import Flask, jsonify, request
from flask_jwt_extended import JWTManager, jwt_required, create_access_token

app = Flask(__name__)
app.secret_key = 'super-secret'  # Change this!
jwt = JWTManager(app)


# Use the expired_token_loader to call this function whenever an expired but
# otherwise valid access token tries to access an endpoint
@jwt.expired_token_loader
def my_expired_token_callback():
    return jsonify({
        'status': 401,
        'sub_status': 101,
        'msg': 'The token has expired'
    }), 200


@app.route('/login', methods=['POST'])
def login():
    username = request.json.get('username', None)
    password = request.json.get('password', None)
    # Both credentials must match; reject if either one is wrong
    if username != 'test' or password != 'test':
        return jsonify({"msg": "Bad username or password"}), 401

    ret = {'access_token': create_access_token(username)}
    return jsonify(ret), 200


@app.route('/protected', methods=['GET'])
@jwt_required
def protected():
    return jsonify({'hello': 'world'}), 200


if __name__ == '__main__':
    app.run()
Loader functions are:

class flask_jwt_extended.jwt_manager.JWTManager(app=None)

    expired_token_loader(callback)
        Sets the callback method to be called if an expired JWT is received.
        The default implementation will return json '{"msg": "Token has expired"}' with a 401 status code.
        Callback must be a function that takes zero arguments.

    invalid_token_loader(callback)
        Sets the callback method to be called if an invalid JWT is received.
        The default implementation will return json '{"msg": <err>}' with a 401 status code.
        Callback must be a function that takes only one argument, which is the error message of why the token is invalid.

    needs_fresh_token_loader(callback)
        Sets the callback method to be called if a valid but non-fresh token attempts to access an endpoint protected with @fresh_jwt_required.
        The default implementation will return json '{"msg": "Fresh token required"}' with a 401 status code.
        Callback must be a function that takes no arguments.

    revoked_token_loader(callback)
        Sets the callback method to be called if a blacklisted (revoked) token attempts to access a protected endpoint.
        The default implementation will return json '{"msg": "Token has been revoked"}' with a 401 status code.
        Callback must be a function that takes no arguments.

    unauthorized_loader(callback)
        Sets the callback method to be called if a request reaches a protected endpoint without a JWT (for example, with no Authorization header).
        The default implementation will return json '{"msg": "Missing Authorization Header"}' with a 401 status code.
        Callback must be a function that takes only one argument, which is the error message of why the request was rejected.
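The following is an added example, not code from flask-jwt-extended or from the original page. It uses only the Python standard library to mirror how the five loader hooks above are dispatched: a small HS256 verifier, a stand-in JWTManager class whose loader defaults match the documented ones, and a protect() check that routes each failure case (missing header, bad signature, expired, revoked, not fresh) to the registered callback. The names protect, revoked_jtis and the error strings other than the documented defaults are assumptions of this example; the secret, token claims and timestamps are constructed. Unlike the page's example, the custom expired-token callback keeps the HTTP status at 401 while enriching the body, so upstream proxies and logs still see the request as unauthenticated.

```python
import base64
import functools
import hashlib
import hmac
import json
import time

SECRET = b"super-secret"  # constructed for this example; use a long random key in practice


class InvalidToken(Exception):
    """Token is malformed or its signature does not verify."""


class ExpiredToken(Exception):
    """Signature verified but the 'exp' claim is in the past."""


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def create_access_token(identity, expires_in=300, fresh=False, now=None):
    """Issue an HS256 token carrying the claims the loaders key on: exp, fresh and jti."""
    now = int(time.time()) if now is None else now
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    claims = {"identity": identity, "exp": now + expires_in, "fresh": fresh, "jti": f"{identity}-{now}"}
    signing_input = f"{header}.{_b64url(json.dumps(claims).encode())}"
    sig = hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest()
    return f"{signing_input}.{_b64url(sig)}"


def decode_token(token, now=None):
    """Verify the signature before parsing claims, so a forged token never reaches the expiry path."""
    parts = token.split(".")
    if len(parts) != 3:
        raise InvalidToken("Not enough segments")
    expected = hmac.new(SECRET, f"{parts[0]}.{parts[1]}".encode(), hashlib.sha256).digest()
    try:
        given = _b64url_decode(parts[2])
    except ValueError as exc:
        raise InvalidToken("Malformed signature") from exc
    if not hmac.compare_digest(expected, given):
        raise InvalidToken("Signature verification failed")
    try:
        claims = json.loads(_b64url_decode(parts[1]))
    except ValueError as exc:
        raise InvalidToken("Malformed payload") from exc
    if not isinstance(claims, dict):
        raise InvalidToken("Payload is not a JSON object")
    now = int(time.time()) if now is None else now
    if claims.get("exp", 0) <= now:
        raise ExpiredToken()
    return claims


class JWTManager:
    """Stand-in for the library's JWTManager: five loader hooks with the documented defaults."""
    def __init__(self):
        self.revoked_jtis = set()  # a real app would back this with a database or cache
        self.loaders = {
            "expired": lambda: ({"msg": "Token has expired"}, 401),
            "invalid": lambda err: ({"msg": err}, 401),
            "unauthorized": lambda err: ({"msg": err}, 401),
            "needs_fresh": lambda: ({"msg": "Fresh token required"}, 401),
            "revoked": lambda: ({"msg": "Token has been revoked"}, 401),
        }

    def _register(self, kind, cb):
        self.loaders[kind] = cb
        return cb  # returned so each registrar works as a decorator
    # One registrar per hook, named as in the library
    expired_token_loader = functools.partialmethod(_register, "expired")
    invalid_token_loader = functools.partialmethod(_register, "invalid")
    unauthorized_loader = functools.partialmethod(_register, "unauthorized")
    needs_fresh_token_loader = functools.partialmethod(_register, "needs_fresh")
    revoked_token_loader = functools.partialmethod(_register, "revoked")

    def protect(self, authorization, fresh_required=False, now=None):
        """The checks a protected endpoint runs, in order, each failure routed to its loader."""
        if not authorization:
            return self.loaders["unauthorized"]("Missing Authorization Header")
        scheme, _, token = authorization.partition(" ")
        if scheme != "Bearer" or not token:
            return self.loaders["unauthorized"]("Bad Authorization header. Expected value 'Bearer <JWT>'")
        try:
            claims = decode_token(token, now=now)
        except ExpiredToken:
            return self.loaders["expired"]()
        except InvalidToken as exc:
            return self.loaders["invalid"](str(exc))
        if claims.get("jti") in self.revoked_jtis:
            return self.loaders["revoked"]()
        if fresh_required and not claims.get("fresh"):
            return self.loaders["needs_fresh"]()
        return {"identity": claims.get("identity")}, 200


jwt = JWTManager()


@jwt.expired_token_loader
def my_expired_token_callback():
    # Richer body than the default, but the HTTP status stays 401 so clients,
    # proxies and logs still see the request as unauthenticated.
    return {"status": 401, "sub_status": 101, "msg": "The token has expired"}, 401
```

Calling jwt.protect("Bearer " + token, now=...) with a token from create_access_token returns the 200 tuple; the same token past its exp returns the custom body registered above, and a token whose payload segment has been altered fails the signature check before its claims are ever parsed, so it lands in invalid_token_loader rather than expired_token_loader. Adding the token's jti to revoked_jtis routes it to revoked_token_loader, and fresh_required=True routes a non-fresh token to needs_fresh_token_loader.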