Permissions | Authentication with JWT
Professional Web API with Flask

Permissions

Sometimes we need to differentiate the responsibilities of users on our website. For example, all users may view the list of players, but only registered users can view the list of teams, and only admins can delete, update, or create new instances. In the first and second cases, we simply add or omit the @jwt_required() decorator. The third case is covered below.

JWT Claims in Flask

This is handled with JWT claims in Flask. In a JWT, we can pass additional information, such as an is_admin=True flag. By doing this, we only need to check the user's permissions once, when we create the JWT, rather than every time the user makes a request.

Adding Special Claims to JWT

To add a special claim to a JWT, we define a function similar to the error-handling functions we wrote in the previous chapter.

This function is responsible for granting admin status only to the user with id=1. In this course, we will not cover adding this status to the user table in the database and retrieving this information to add it to the JWT.

Restricting Endpoints Beyond @jwt_required()

To add restrictions to endpoints beyond @jwt_required(), we include a check for the admin role inside the endpoint.

get_jwt() is also imported from the flask_jwt_extended library.

In this way, we have a function for adding additional information about the user's status and functionality for checking this status.

1. What is the primary purpose of using JWT claims in Flask applications?
2. How can admin status be granted to a user through JWT in Flask?
3. How do you check for admin privileges in a Flask endpoint using JWT?
4. How do you restrict access to an endpoint to only registered users in Flask?

Section 5. Chapter 6