Notice: This page requires JavaScript to function properly.
Please enable JavaScript in your browser settings or update your browser.Learn Logout Endpoint | Authentication with JWT
Professional Web API with Flask
course content

Course Content

Professional Web API with Flask

Professional Web API with Flask

1. Introduction to the Course
Course OutlineAbout APIAbout REST APIProject DescriptionProject InitializationEnvironment Configuration and Dependency ManagementEstablish SSH Connection to GitHub
2. Database and Models
SQLAlchemy Set UpCreate ModelsMany-to-One RelationshipOne-to-One RelationshipMany-to-Many Relationship
3. Flask-Smorest and Schemas
Introduction to Flask-SmorestIntroduction to MarshmallowJSON ExplanationSchema Handling with Marshmallow
4. Endpoints with Blueprints and MethodView
Blueprints and MethodView OverviewStart with Blueprints and MethodViewsFirst Endpoint, Flask-Migration and SQLite StudioPostman and InsomniaTeam EndpointsUser and Player EndpointsSwagger UI
5. Authentication with JWT
What is JWT?Flask-JWT-Extended Set UpUser RegistrationLogin EndpointJWT RequiredPermissionsLogout EndpointTesting New Endpoints
6. Deployment
Enhancing Your AppLast Git Push

book
Logout Endpoint

To enable a user to logout, we must revoke their JWT. If the user attempts to reuse the same JWT, they will be denied access to the system. To achieve this, we need to create a storage solution for keeping revoked JWTs until their expiration.

Creating a Blocklist for Revoked Tokens

First, we create a blocklist.py file and write:

BLOCKLIST = set()

Checking if Token is Revoked

Next, in app.py, we import our BLOCKLIST variable and define a new function to check if a token is in the blocklist:

from blocklist import BLOCKLIST
...
def create_app():
    ...
    jwt = JWTManager(app)
   ...
   @jwt.token_in_blocklist_loader
def check_if_token_in_blocklist(jwt_header, jwt_payload):
       return jwt_payload["jti"] in BLOCKLIST

Endpoint for User Logout

To facilitate user logout, we create a UserLogout class where we add the user's JWT to the BLOCKLIST:

@blp.route("/logout")
class UserLogout(MethodView):
   @jwt_required()
   def post(self):
       jti = get_jwt()["jti"]
       BLOCKLIST.add(jti)
       return {"message": "Successfully logged out"}, 200

Everything was clear?

How can we improve it?

Thanks for your feedback!

SectionΒ 5. ChapterΒ 7

Ask AI

expand

Ask AI

ChatGPT

Ask anything or try one of the suggested questions to begin our chat

course content

Course Content

Professional Web API with Flask

Professional Web API with Flask

1. Introduction to the Course
Course OutlineAbout APIAbout REST APIProject DescriptionProject InitializationEnvironment Configuration and Dependency ManagementEstablish SSH Connection to GitHub
2. Database and Models
SQLAlchemy Set UpCreate ModelsMany-to-One RelationshipOne-to-One RelationshipMany-to-Many Relationship
3. Flask-Smorest and Schemas
Introduction to Flask-SmorestIntroduction to MarshmallowJSON ExplanationSchema Handling with Marshmallow
4. Endpoints with Blueprints and MethodView
Blueprints and MethodView OverviewStart with Blueprints and MethodViewsFirst Endpoint, Flask-Migration and SQLite StudioPostman and InsomniaTeam EndpointsUser and Player EndpointsSwagger UI
5. Authentication with JWT
What is JWT?Flask-JWT-Extended Set UpUser RegistrationLogin EndpointJWT RequiredPermissionsLogout EndpointTesting New Endpoints
6. Deployment
Enhancing Your AppLast Git Push

book
Logout Endpoint

To enable a user to logout, we must revoke their JWT. If the user attempts to reuse the same JWT, they will be denied access to the system. To achieve this, we need to create a storage solution for keeping revoked JWTs until their expiration.

Creating a Blocklist for Revoked Tokens

First, we create a blocklist.py file and write:

BLOCKLIST = set()

Checking if Token is Revoked

Next, in app.py, we import our BLOCKLIST variable and define a new function to check if a token is in the blocklist:

from blocklist import BLOCKLIST
...
def create_app():
    ...
    jwt = JWTManager(app)
   ...
   @jwt.token_in_blocklist_loader
def check_if_token_in_blocklist(jwt_header, jwt_payload):
       return jwt_payload["jti"] in BLOCKLIST

Endpoint for User Logout

To facilitate user logout, we create a UserLogout class where we add the user's JWT to the BLOCKLIST:

@blp.route("/logout")
class UserLogout(MethodView):
   @jwt_required()
   def post(self):
       jti = get_jwt()["jti"]
       BLOCKLIST.add(jti)
       return {"message": "Successfully logged out"}, 200

Everything was clear?

How can we improve it?

Thanks for your feedback!

SectionΒ 5. ChapterΒ 7
some-alt