Logout Endpoint
To enable a user to log out, we must revoke their JWT. If the user attempts to reuse the same JWT, they will be denied access to the system. To achieve this, we need to create a storage solution for keeping revoked JWTs until their expiration.
Creating a Blocklist for Revoked Tokens
First, we create a blocklist.py file and write:
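    # jti values of revoked tokens. This set lives in process memory, so it is
    # emptied on restart and is not shared between worker processes.
    BLOCKLIST = set()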
Checking if Token is Revoked
Next, in app.py, we import our BLOCKLIST variable and define a new function to check if a token is in the blocklist:
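    from flask_jwt_extended import JWTManager

    from blocklist import BLOCKLIST
    ...
    def create_app():
        ...
        jwt = JWTManager(app)
        ...
        # Called for every protected request; returning True rejects the token as revoked.
        @jwt.token_in_blocklist_loader
        def check_if_token_in_blocklist(jwt_header, jwt_payload):
            return jwt_payload["jti"] in BLOCKLIST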
Endpoint for User Logout
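To facilitate user logout, we create a UserLogout class that adds the jti of the user's JWT to the BLOCKLIST:

    from flask.views import MethodView
    from flask_jwt_extended import get_jwt, jwt_required

    from blocklist import BLOCKLIST

    @blp.route("/logout")
    class UserLogout(MethodView):
        @jwt_required()
        def post(self):
            # jti is the token's unique identifier claim.
            jti = get_jwt()["jti"]
            BLOCKLIST.add(jti)
            return {"message": "Successfully logged out"}, 200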
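The lesson says revoked JWTs only need to be kept until their expiration, but a plain set never forgets an entry. The following is an added example, not part of the original lesson: a blocklist that stores each jti with the token's exp claim and prunes it once the token can no longer be accepted. The names ExpiringBlocklist, leeway and demo are hypothetical, and the payloads are constructed sample data.

```python
import threading
import time


class ExpiringBlocklist:
    """Revoked-token store keyed by jti; an entry is dropped once its token has expired."""

    def __init__(self, leeway=0):
        self._revoked = {}            # jti -> exp (Unix seconds, from the "exp" claim)
        self._leeway = leeway         # assumed to match any decode leeway the app allows
        self._lock = threading.Lock()

    def revoke(self, jwt_payload, now=None):
        """Record the token's jti until its exp; called from the logout endpoint."""
        now = time.time() if now is None else now
        exp = jwt_payload.get("exp")
        with self._lock:
            self._prune(now)
            # A token without exp never expires, so its entry must never be pruned.
            self._revoked[jwt_payload["jti"]] = float("inf") if exp is None else exp

    def is_revoked(self, jwt_payload, now=None):
        """Same contract as the token_in_blocklist_loader callback: True means reject."""
        now = time.time() if now is None else now
        with self._lock:
            self._prune(now)
            return jwt_payload["jti"] in self._revoked

    def _prune(self, now):
        # Once exp (plus leeway) has passed, normal JWT validation rejects the
        # token on its own, so the blocklist entry is no longer needed.
        for jti in [j for j, exp in self._revoked.items() if exp + self._leeway <= now]:
            del self._revoked[jti]

    def __len__(self):
        with self._lock:
            return len(self._revoked)


def demo():
    """Constructed payloads: two tokens revoked at t=1000, expiring at t=1900 and t=4600."""
    bl = ExpiringBlocklist()
    short = {"jti": "constructed-jti-1", "exp": 1900}
    long_ = {"jti": "constructed-jti-2", "exp": 4600}
    bl.revoke(short, now=1000)
    bl.revoke(long_, now=1000)
    before = (bl.is_revoked(short, now=1500), bl.is_revoked(long_, now=1500), len(bl))
    after = (bl.is_revoked(short, now=2000), bl.is_revoked(long_, now=2000), len(bl))
    return before, after
```

To use it with the code above, the blocklist loader would return is_revoked(jwt_payload) and the logout endpoint would call revoke(get_jwt()). It is still held in process memory, so revocations are lost on restart and are not visible to other worker processes.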