How do I solve flask authentication?


I am trying to do authentication in my Flask app. After logging in, the user is redirected to the protected endpoint /forms. But every time I am redirected I get the message

```json
{
    "msg": "Missing Authorization Header"
}
```

Right now I am doing authorization via params, but it is not a good approach.

```python
from flask import Flask, request, jsonify, redirect, url_for, render_template
from flask_jwt_extended import JWTManager, create_access_token, jwt_required

app = Flask(__name__)
app.config['JWT_SECRET_KEY'] = 'super-secret'
app.config['SECRET_KEY'] = 'your_secret_key_here'
jwt = JWTManager(app)

# In-memory store of the last token issued to each user.
tokens = {}

def authenticate(username, password):
    # Placeholder credential check so the snippet runs; the real check is not
    # shown in the question.
    return username == 'demo' and password == 'demo'

@app.route('/login', methods=['GET', 'POST'])
def login():
    if request.method == 'POST':
        username = request.form.get('username')
        password = request.form.get('password')

        if not username or not password:
            return jsonify({"msg": "Missing username or password"}), 400

        if authenticate(username, password):
            access_token = create_access_token(identity={'username': username})
            tokens[username] = access_token
            # The token is passed as a query parameter on the redirect; the
            # Authorization header set here is not carried over by the browser
            # when it follows the redirect.
            response = redirect(url_for('forms', username=username, access_token=access_token))
            response.headers['Authorization'] = 'Bearer ' + access_token
            return response
        else:
            return jsonify({"msg": "Invalid username or password"}), 401
    else:
        return render_template('login.html')

def check_key_and_token(username, access_token):
    # Returns True on success, otherwise a (response, status) pair.
    if username not in tokens:
        return jsonify({"msg": "Invalid username"}), 401
    if not access_token:
        return jsonify({"msg": "Missing token"}), 401
    if access_token == tokens[username]:
        return True
    else:
        return jsonify({"msg": "Invalid token"}), 401

@app.route('/<username>/forms', methods=['GET', 'POST'])
@jwt_required()
def forms(username):
    access_token = request.args.get('access_token')
    result = check_key_and_token(username, access_token)
    if result is not True:
        return result

    if request.method == 'POST':
        input_text = request.form.get('input_text')
        return redirect(url_for('weather', username=username, access_token=access_token, city=input_text))
    else:
        return render_template('forms.html')
```

Does anybody know how to make it work?
someexgoogler

There is a general principle in security that you should not reinvent something, because you're likely to mess it up (not that you're bad at it, but it's too easy to screw it up). I'd recommend using a package like flask_login for this.
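To illustrate why the redirect in the question loses the credential and how the session-cookie approach that flask_login wraps avoids it, here is an added example (not code from the question or the answer). It uses only Flask's signed session; `login_required` is a minimal stand-in for flask_login's decorator, and the user store, routes and secret are constructed for the example.

```python
# Added example, not the asker's or the answer's code. A browser following a
# 302 does not attach an Authorization header, but it does re-send the signed
# session cookie; that is the mechanism flask_login builds on. Flask only.
from functools import wraps
from flask import Flask, request, session, redirect, url_for, jsonify
from werkzeug.security import generate_password_hash, check_password_hash

app = Flask(__name__)
app.config["SECRET_KEY"] = "replace-with-a-random-secret"  # placeholder value
app.config["SESSION_COOKIE_HTTPONLY"] = True   # cookie not readable by JS
app.config["SESSION_COOKIE_SAMESITE"] = "Lax"  # limits cross-site sending

# Constructed user store: password hashes only, never plaintext.
USERS = {"alice": generate_password_hash("correct horse battery staple")}

def authenticate(username, password):
    pw_hash = USERS.get(username)
    return pw_hash is not None and check_password_hash(pw_hash, password)

def login_required(view):
    """Minimal stand-in for flask_login's decorator of the same name."""
    @wraps(view)
    def wrapper(*args, **kwargs):
        if "username" not in session:
            return jsonify({"msg": "Login required"}), 401
        return view(*args, **kwargs)
    return wrapper

@app.route("/login", methods=["POST"])
def login():
    username = request.form.get("username", "")
    password = request.form.get("password", "")
    if not authenticate(username, password):
        return jsonify({"msg": "Invalid username or password"}), 401
    session.clear()                  # drop any pre-login session state
    session["username"] = username   # kept in the signed cookie
    return redirect(url_for("forms"))  # cookie rides along on the 302

@app.route("/forms")
@login_required
def forms():
    return jsonify({"msg": "hello " + session["username"]})

def login_and_follow_redirect(username, password):
    """Drive the flow with Flask's test client; returns (status, json body)."""
    with app.test_client() as client:
        resp = client.post("/login", follow_redirects=True,
                           data={"username": username, "password": password})
        return resp.status_code, resp.get_json()
```

The token never appears in a URL, so it is not written to server logs, browser history or the Referer header the way the query-parameter approach in the question is.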