To enable a user to logout, we must revoke their JWT. If the user attempts to reuse the same JWT, they will be denied access to the system. To achieve this, we need to create a storage solution for keeping revoked JWTs until their expiration.
### Creating a Blocklist for Revoked Tokens

First, we create a <u>blocklist.py</u> file and write:
``` python
BLOCKLIST = set()
```



### Checking if Token is Revoked

Next, in <u>app.py</u>, we import our **BLOCKLIST** variable and define a new function to check if a token is in the blocklist:
``` python
from blocklist import BLOCKLIST
...
def create_app():
    ...
    jwt = JWTManager(app)
   ...
   @jwt.token_in_blocklist_loader
def check_if_token_in_blocklist(jwt_header, jwt_payload):
       return jwt_payload["jti"] in BLOCKLIST
```

### Endpoint for User Logout

To facilitate user logout, we create a `UserLogout` class where we add the user's JWT to the `BLOCKLIST`:
``` python
@blp.route("/logout")
class UserLogout(MethodView):
   @jwt_required()
   def post(self):
       jti = get_jwt()["jti"]
       BLOCKLIST.add(jti)
       return {"message": "Successfully logged out"}, 200
```


This meticulously crafted course takes you from the foundational principles of APIs and REST, through the complexities of database relationships and schema management, to the intricacies of endpoint creation, authentication, and deployment. With a hands-on approach, you'll master Flask, SQLAlchemy, Flask-Smorest, and JWT authentication, culminating in a fully functional, secure, and deployable web API. Whether you're a beginner eager to dive into the world of web development or a seasoned programmer looking to refine your skills, this course offers a comprehensive, engaging, and practical learning experience, setting you up for professional success.

Dive into the world of web APIs with Flask, starting with the basics. You'll learn what APIs and REST APIs are, how to set up your project, configure your environment, and establish a GitHub SSH connection. This foundational knowledge will set you up for success.

Explore the core of database handling with SQLAlchemy. You'll learn to create robust models and understand many-to-one, one-to-one, and many-to-many relationships. This section empowers you with the skills to structure complex databases for real-world applications.

Unveil the power of Flask-Smorest and Marshmallow for managing web APIs and data serialization. You'll delve into JSON, schema handling, and the intricacies of data representation and validation, paving the way for advanced API development.

Master the art of creating and managing endpoints with Flask's Blueprints and MethodView. From setting up your first endpoints to exploring Flask-Migration and SQLite Studio, and utilizing tools like Postman and Insomnia, you'll craft scalable and maintainable web architectures.

Secure your web APIs with JWT authentication. Learn to set up Flask-JWT-Extended, handle user registration, login, and logout processes, and implement permissions and security measures. By the end of this section, you'll be adept at protecting and testing your endpoints.

Prepare your Flask project for deployment. This final leap covers the essentials: creating a requirements.txt, code formatting with Black and Flake8, and documenting your project with a README.md. You'll also master Git for version control and branch merging, readying you for a seamless project launch.

Professional Web API with Flask

Logout Endpoint

Creating a Blocklist for Revoked Tokens

Checking if Token is Revoked

Endpoint for User Logout