使用 flask-jwt-extended + ariadne (graphql) + react 设置身份验证/授权
[英]Set up authentication/authorization with flask-jwt-extended + ariadne (graphql) + react
问题描述
I'm trying to create an auth system for my react(nextjs) app with flask_JWT_extended + ariadne(graphql).
我正在尝试使用 flask_JWT_extended + ariadne(graphql) 为我的 react(nextjs) 应用程序创建一个身份验证系统。 I have succesfully set up the login mutation that retrieves the access and refresh token but I dont know how to properly integrate them into my app.我已成功设置登录突变以检索访问和刷新令牌,但我不知道如何将它们正确集成到我的应用程序中。 I am aware the access token is used to make subsequent requests and the refresh token is used to maintain token freshness but I dont know how to implement it with this stack.我知道访问令牌用于发出后续请求,刷新令牌用于保持令牌新鲜度,但我不知道如何使用此堆栈实现它。
mutations.py突变.py
Here is my login mutation that returns the access_token and refresh_token.这是我的登录突变,它返回 access_token 和 refresh_token。 It works fine.它工作正常。
@mutation.field("login")
@convert_kwargs_to_snake_case
def resolve_login(_, info, username, password):
user = User.query.filter_by(username=username).first()
if user and user.check_password(password):
access_token = create_access_token(identity=username)
refresh_token = create_refresh_token(identity=username)
payload = {
"user": user,
"access_token": access_token,
"refresh_token": refresh_token,
}
return payload
core.py核心.py
Here are my JWT configs, from what I have gathered online I am supposed to do a check on the token on each api request to maintain its freshness but I dont know how to do that especially with python + ariadne.这是我的 JWT 配置,根据我在网上收集的信息,我应该检查每个 api 请求上的令牌以保持其新鲜度,但我不知道如何做到这一点,尤其是使用 Z23EEEB4347BDD26BFC6B7EE9ZA3B7 时。 Here is a link with someone implementing it with nodejs: https://github.com/benawad/graphql-express-template/blob/22_advanced_jwt_auth/auth.js这是与使用nodejs实现它的人的链接: https://github.com/benawad/graphql-express-template/blob/22_advanced_jwt_auth/auth.js
app = Flask(__name__)
app.config["SQLALCHEMY_DATABASE_URI"] = "postgresql://localhost/pinkle"
app.config["JWT_SECRET_KEY"] = "this_is_a_secret"
app.config["SQLALCHEMY_TRACK_MODIFICATIONS"] = False
JWTManager(app)
index.js index.js
Here is my front end making the call to login the user, it returns the tokens but I dont know where to utilize the tokens or if I should save it in client side state and just make calls with the token.这是我的前端调用登录用户,它返回令牌,但我不知道在哪里使用令牌,或者我是否应该将其保存在客户端 state 并使用令牌进行调用。
function login({ username, password }) {
axios
.post('http://localhost:5000/graphql', {
query: `mutation {
login(username: "${username}", password: "${password}") {
user {
id
username
password
}
}
}`,
})
.then(result => {
console.log(result.data)
})
}
1 个解决方案
解决方案1
-1 2021-05-10 15:11:42
The Flask-JWT-Extended documentation includes examples of utilizing JWTs from JavaScript which might be helpful for you: https://flask-jwt-extended.readthedocs.io/en/stable/token_locations/ Flask-JWT-Extended 文档包括使用 JavaScript 中的 JWT 的示例,这可能对您有所帮助: https://flask-jwt-extended.readthedocs.io/en/stable/token_locations/
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.