Revoke current token #22
Comments
|
That seems perfectly reasonable to me. We can add a new I'll see about getting a new released pushed which addresses this later today. Thanks for the feedback! 👍 |
This allows you to use 'get_raw_jwt()' in any jwt protected endpoint (jwt_required, fresh_jwt_required, refresh_jwt_required). Refs #22
|
I like the idea of the |
|
Oh, just saw that you added a commit pretty much exactly at the time when I sent my response. Thanks a lot! |
|
That bodes well, cause that what I just added 👍 I'll get a new release pushed to pypi here asap. Lmk if you have any issues with it. |
|
Will do! |
|
Thanks :) That is released as version 1.1.0. It should be available on pypi shortly. I'm going to go ahead and close this issue, but if any problems come up, please go ahead and re-open it. Cheers! |
I am implementing an API in flask using your lovely library for a jwt-based authentication. I would like to offer the authenticated client the option to revoke its own token ("logout"). How would I implement this? I am using redis for the blacklist backend. As far as I can tell, the only way to revoke a token is by its
jti. However, the library only stores the identity and the user claims on the app context.Would it make sense to store the full jwt on the app context and have the
get_jwt_identityandget_jwt_claimsfunctions just return the appropriate fields? This would allow for another function that returns thejti.The text was updated successfully, but these errors were encountered: