在flask-jwt扩展的库中是否有宽限期可将其列入黑名单?
[英]Is there a grace period for blacklisting in flask-jwt-extended library?
问题描述
I am refreshing access tokens for every requests and blacklisting the previous token. 
我正在为每个请求刷新访问令牌,并将上一个令牌列入黑名单。 The problem is if there are multiple consecutive requests, the first token is invalidated by the next request. 问题是如果有多个连续的请求,则下一个请求会使第一个令牌无效。 Is there a feature in flask-jwt-extended that implements a grace period before blacklisting a token? flask-jwt-extended中是否存在在将令牌列入黑名单之前实现宽限期的功能?
I am reading the docs and can't find this feature. 我正在阅读文档,但找不到此功能。 Can you guys direct me to the right path to attain my objective? 你们能指引我正确的道路去实现我的目标吗?
1 个解决方案
解决方案1
1 已采纳 2019-04-17 02:43:06
There is not a way to do this built into the extension. 无法在扩展程序中内置此功能。 Because Flask-JWT-Extended doesn't have any knowledge of the store you are using to blacklist tokens it wouldn't really make sense to have that be a feature of this extension. 因为Flask-JWT-Extended对您用来将令牌列入黑名单的商店一无所知,所以将其作为此扩展的功能实际上没有任何意义。
However, because you control the method that checks if a token is revoked or not this would be pretty easy to do. 但是,因为可以控制检查令牌是否已吊销的方法,所以这很容易做到。 When you store a token to be blacklisted, you can store the timestamp for when it was blacklisted. 当您存储要列入黑名单的令牌时,可以存储其被列入黑名单的时间戳。 Then in your callback function that checks if a token is blacklisted, you can compare that timestamp of when the token was blacklisted with the current time minus a timedelta to give the resulting check a grace period. 然后,在检查令牌是否已列入黑名单的回调函数中,您可以将令牌被列入黑名单的时间戳与当前时间减去一个时间增量进行比较,以给出宽限期。
It might also be a good idea to read this for some alternatives for creating a new token on every request: Flask JWT extend validity of token on each request 对于在每个请求上创建新令牌的一些替代方法,请阅读此内容也是一个好主意: Flask JWT在每个请求上扩展令牌的有效性
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.