To apply new login request functionality to endpoints, it means that before making a request for an action (e.g., returning a list of players or creating a new one), a user must send a valid JWT.

JWT Validation

Our application can easily check if the JWT is valid because it is signed by our application.

Example: Applying Security to Team Endpoints

For example, only authorized users can delete, modify, or add teams, while unauthorized users can only access information. To achieve this, we apply a new decorator @jwt_required imported from the flask_jwt_extended library to the respective methods. This decorator is similarly applied to views of other models.

Error Handling

To effectively handle errors, we need to add some code to our app.py. Here are a few scenarios that can occur with JWT usage:

• The JWT can expire - it is not infinite;
• The JWT can be invalid if the client has tampered with it;
• No JWT is provided when it is required, among others.

In the app.py file, under the initialization of our JWT, we will write several functions to handle the most common errors.

In these functions, we use the jsonify function imported from the Flask library. jsonify is a Flask function used to convert data into a JSON format response, making it easy to send structured, HTTP-friendly responses from a server to a client.