Integrate JSON Web tokens #21
There are the functions to use:
We are not going to use Flask-JWT as it does what Flask-Login is already doing for us
We should check which info to add to the JWT to be sure that the token can be invalidated on user request (or admin operation)
A good tutorial to understand JWT content:
This issue raised another question, now that we are learning more about authentication: it feels like Flask Login and Security give too much bloatware and take too much control. I will think about this over the weekend.
Let's start with some mega clean:
- remove Flask Security
- and so removing Flask Login
- and removing also Flask admin

JWT will help me save my world. I hope. See pdonorio/restangulask#21
The scheme is complete: if I use valid credentials I get a JWT token. If I use this token on login_required endpoints, I get the payload from the JWT token. Very happy :) See pdonorio/restangulask#21
Have been testing JWT all week. They're so awesome they made us dump three Flask plugins and write our own authentication module!
Note: JWT created at each login with valid credentials is always valid. We should save tokens created inside a global Graphdb node.
Also note that such information can also be used to create a list of authenticated sessions to allow the user to force the logout of remote sessions
@mdantonio
JWT specifications will go on with #23
They will help us to remove any database on the Flask instance on the frontend side.
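
The invalidation idea raised in the thread (record every issued token server-side so it can be revoked and listed as a session), as an added example that is not code from this project. It assumes HS256 built from the Python standard library, an in-memory dict standing in for the graph database node, and hypothetical names (`SECRET`, `ISSUED`, `issue`, `verify`, `revoke`, `sessions`).

```python
import base64, hashlib, hmac, json, time, uuid

SECRET = b"constructed-demo-key"  # assumption: sample key, not a real secret
ISSUED = {}                       # jti -> user; stands in for the graph DB node

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _sign(signing_input: str) -> str:
    # The algorithm is fixed server-side; the token header's "alg" is never trusted.
    return _b64(hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest())

def issue(user: str, ttl: int = 3600) -> str:
    """Create an HS256 token with a unique jti and record it server-side."""
    jti = uuid.uuid4().hex
    header = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    claims = {"sub": user, "jti": jti, "exp": int(time.time()) + ttl}
    payload = _b64(json.dumps(claims).encode())
    ISSUED[jti] = user
    return f"{header}.{payload}.{_sign(header + '.' + payload)}"

def verify(token: str):
    """Return the claims, or None if the token is forged, expired or revoked."""
    try:
        header, payload, sig = token.split(".")
        if not hmac.compare_digest(sig, _sign(f"{header}.{payload}")):
            return None
        claims = json.loads(_unb64(payload))
    except (ValueError, TypeError, AttributeError):
        return None
    if claims.get("exp", 0) < time.time():
        return None
    if claims.get("jti") not in ISSUED:  # revoked, or never issued by this server
        return None
    return claims

def revoke(jti: str) -> bool:
    """Invalidate one token (user logout or admin operation)."""
    return ISSUED.pop(jti, None) is not None

def sessions(user: str) -> list:
    """List the jti of each of the user's tokens that has not been revoked."""
    return [j for j, u in ISSUED.items() if u == user]
```

Without the `ISSUED` lookup in `verify`, a correctly signed token stays usable until `exp` no matter what the user or an admin does, which is the problem the note above describes.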