Is there a grace period for blacklisting in flask-jwt-extended library?
Question
I am refreshing access tokens for every requests and blacklisting the previous token. The problem is if there are multiple consecutive requests, the first token is invalidated by the next request. Is there a feature in flask-jwt-extended that implements a grace period before blacklisting a token?
I am reading the docs and can't find this feature. Can you guys direct me to the right path to attain my objective?
1 answers
solution1
1 ACCPTED 2019-04-17 02:43:06
There is not a way to do this built into the extension. Because Flask-JWT-Extended doesn't have any knowledge of the store you are using to blacklist tokens it wouldn't really make sense to have that be a feature of this extension.
However, because you control the method that checks if a token is revoked or not this would be pretty easy to do. When you store a token to be blacklisted, you can store the timestamp for when it was blacklisted. Then in your callback function that checks if a token is blacklisted, you can compare that timestamp of when the token was blacklisted with the current time minus a timedelta to give the resulting check a grace period.
It might also be a good idea to read this for some alternatives for creating a new token on every request: Flask JWT extend validity of token on each request
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.