flask-jwt-extended

问题 I have a plotly dash app which I would like to hold behind a route that is protected with a JWT. My end goal is to contain this in an iframe on a separate route, but I only want the user to be able to get the html of th dash app if they have an access token. I have retried returning the app itself in a get request. App.py import dash from flask import Flask, jsonify, request from flask_jwt_extended import ( JWTManager, jwt_required, create_access_token, get_jwt_identity ) server = Flask(_

问题 When making a request to a flask route that requires a JWT to access using ( @jwt_required decorator on flask-restful resources), I get a 422 UNPROCESSABLE ENTITY with the message: The specified alg value is not allowed . When logging in and navigating to the (frontend) route that calls the request: this.axios.get("/jobs").then(res => { console.log(res.data); this.jobs = res.data.jobs; }); in the same go, it works as expected, however on refresh it then shows the 422 error. I store the token

问题 Again fighting trying to make my first flask application, this time, (after I created every I need and all works smoothly) I'm trying to protect some endpoints with flask_jwt_extended , but I can't find how to work with them in my pages, the documentation is mostly about displaying JSON messages and some tutorials use postman while in my case I'm using HTML templates. For example, a user sends his credentials from the login page to this endpoint : @app.route('/login', methods=['POST']) def

问题 Scenario A logged in user will have a token expiry of 24 hours. Within that period, all request with @jwt_required decorator will have the current access token's expiry extended by another 24 hours. There is a maximum validity of 168(24 * 7) hours. It is possible to use access_token and refresh_token. ret = { 'access_token': create_access_token(identity=username, fresh=True), 'refresh_token': create_refresh_token(identity=username) } But that means every API call from my applicatino will be