在 Flask 中刷新 JWT 返回“仅允许访问令牌”

【问题标题】:Refreshing JWT in Flask returns "Only access tokens are allowed"在 Flask 中刷新 JWT 返回“仅允许访问令牌”
【发布时间】:2021-04-16 03:20:29
【问题描述】:

我在刷新 JWT 令牌时遇到了一个奇怪的问题,我似乎无法在线找到解决方案。

我的简单登录方法:

@app.route("/api/login", methods=['POST'])
def app_login():
    json       = request.json
    form       = AppLoginForm.from_json(json)
    password   = json.get('password')
    mobile     = cleanup(json.get('mobile'))
    user_found = User.query.filter(and_(User.mobile == mobile, or_(User.user_type == UserType.dashboard_user.value, User.user_type == UserType.end_user.value, User.user_type == UserType.dashboard_and_end_user.value))).first()
    if user_found: #found
        if bc.check_password_hash(user_found.password, password):
            access_token = create_access_token(identity=user_found.mobile)
            refresh_token = create_refresh_token(identity=user_found.mobile)
            return send_response(True, None, { "access_token":access_token,"refresh_token":refresh_token }, 200)
        else:
            return send_response(False,[messages.WRONG_PASS], None, 406, {"case":  UserLoginMeta.wrong_password.value})

我刷新 JWT 令牌的简单方法:

@app.route('/api/refresh', methods=['POST'])
@jwt_refresh_token_required
def refresh_token():
    ''' refresh token endpoint '''
    current_user = get_jwt_identity()
    return send_response(True,None, [{ "access_token":create_access_token(identity=current_user)}])

用刷新令牌正常调用失败,用访问令牌调用也失败:

发送访问令牌 -> 给出 {"msg":"Only refresh tokens are allowed"}

curl -H "Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpYXQiOjE2MTAzNDczNDksIm5iZiI6MTYxMDM0NzM0OSwianRpIjoiODk4YjU1YmQtZjQzOS00OTE4LTkzZWQtN2UwMDNlZmEyM2M0IiwiZXhwIjoxNjEwNzc5MzQ5LCJpZGVudGl0eSI6Ijk2NjU0MTgyMjY3OSIsImZyZXNoIjpmYWxzZSwidHlwZSI6ImFjY2VzcyIsInVzZXJfY2xhaW1zIjp7ImlkZW50aXR5IjoiOTY2NTQxODIyNjc5IiwiZGV2aWNlIjp7ImlkIjoxMDk3NCwiSU1FSTEiOiIzNTI3MTQ0ODAxMjU2NzMiLCJJTUVJMiI6IjM1MjcxNDQ4MDE3NzY3NCIsInVuaXF1ZV9kZXZpY2VfaWQiOiJEZXNlcnQyMDAwMDAwMTY2In0sIndhcnJhbnR5Ijp7ImlkIjoyNjgsInNlcmlhbF9udW1iZXIiOiJXLTI3MzciLCJzdGF0dXMiOjIsInN0YXR1c190ZXh0IjoiQWN0aXZlIiwiZXhwaXJ5X2RhdGUiOiIyMDIzLzAxLzA2IiwibW9udGhzX2xlZnQiOjI0LCJkYXlzX2xlZnQiOjV9LCJhem9tX2NhcmUiOm51bGwsInVzZXIiOnsiaWQiOjM5OSwibW9iaWxlIjoiOTY2NTQxODIyNjc5IiwiZW1haWwiOiJhLm5hd2FmQGF6b210ZWNoLmNvbSIsImZpcnN0X25hbWUiOiJBYmVlciIsImxhc3RfbmFtZSI6Ik5hd2FmIn19fQ.PkFwQfIwStFkt3pCkZK919H203rDpLOD-96kcNEcRHw" -X POST http://localhost:5000/api/refresh

发送刷新令牌 -> 给出 {"msg":"Only access tokens are allowed"}

curl -H "Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpYXQiOjE2MTAzNDczNDksIm5iZiI6MTYxMDM0NzM0OSwianRpIjoiNDQxNzViNDYtNDZmZi00ZDUxLThmYzQtZTYwNjY4ZDlmNTU1IiwiZXhwIjoxNjEyOTM5MzQ5LCJpZGVudGl0eSI6Ijk2NjU0MTgyMjY3OSIsInR5cGUiOiJyZWZyZXNoIn0.VdevyrbAJL78TwNrPIPlWnyiB3swCtbg9cLwCMvmU8w" -X POST http://localhost:5000/api/refresh

为什么会这样??

【问题讨论】:

    标签: authentication flask jwt bearer-token


    【解决方案1】:

    我找到了原因。

    我在@app.before_request 上实现了一个处理程序方法,但我的逻辑被破坏了,它覆盖了刷新令牌的正常行为。

    我删除它后,它工作正常

    【讨论】:

      猜你喜欢
      • 1970-01-01
      • 2021-12-14
      • 2021-08-23
      • 2020-10-15
      • 2019-06-04
      • 2021-01-25
      • 2018-10-16
      • 2020-11-26
      • 2022-12-23
      相关资源
      最近更新 更多
      热门标签
      Java Python linux javascript Mysql C# Docker 算法 前端 SpringBoot Redis Vue spring 设计模式 .net core .net kubernetes c++ 数据库 数据结构 大数据 js 机器学习 微服务 Android Go 程序员 面试 JVM ASP.net core 云原生 人工智能 后端 PHP git CSS golang k8s Nginx Django mybatis 深度学习 多线程 React 架构 devops 爬虫 云计算 Spring Boot LeetCode