This library was originally developed in a project where the same package had to be used across several smaller services in a microservice architecture.
Each request needed to have its JWT token validated, checking whether it had the required structure and whether it had expired.
Flask Middleware JWT aims to improve the Flask micro-framework with a new way of authenticating your services. For further reading on its functionality, please check our Medium article.
Run the command in shell:
pip3 install socketio_middleware_jwt
Example on how to set your flask app configuration:
app.config | possible values |
---|---|
MIDDLEWARE_URL_IDENTITY | http://0.0.0.0:5000 |
MIDDLEWARE_VERIFY_ENDPOINT | /token/verify |
MIDDLEWARE_BEARER | True or False |
MIDDLEWARE_VERIFY_HTTP_VERB | GET or POST |
JWT_SECRET | your secret |
JWT_ALGORITHMS | ['HS256'] |
EMIT_NAME | my_response |
@middleware_jwt_required
First checks that the token sent in the request headers is preceded by "Authorization", and returns an invalid token message otherwise.
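The checks described above (Authorization header present, Bearer prefix, token structure, HS256 signature, expiry) are sketched below as an added example. This is not this library's own code: the function names and error messages are hypothetical, requiring an `exp` claim is an assumption, and only `JWT_SECRET`, `JWT_ALGORITHMS`, the bearer switch and the "Authorization Valid" message come from this page.

```python
import base64, hashlib, hmac, json, time

JWT_SECRET = "your secret"   # same key as JWT_SECRET in the app.config table
JWT_ALGORITHMS = ["HS256"]   # allowlist; this sketch implements HS256 only

def _b64d(part):
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def _b64e(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def _sign(secret, signing_input):
    return hmac.new(secret.encode(), signing_input.encode(), hashlib.sha256).digest()

def make_token(claims, secret=JWT_SECRET):
    """Build a constructed HS256 token so the example runs offline."""
    head = _b64e(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64e(json.dumps(claims).encode())
    return f"{head}.{body}.{_b64e(_sign(secret, head + '.' + body))}"

def check_authorization_header(headers, bearer=True, now=None):
    """Return (ok, message) for a dict of request headers."""
    now = time.time() if now is None else now
    value = headers.get("Authorization")
    if not value:
        return False, "Authorization header missing"
    # With bearer=True the header must read "Bearer <token>".
    scheme, _, token = value.partition(" ") if bearer else ("Bearer", "", value)
    if scheme != "Bearer" or not token:
        return False, "Bearer scheme expected"
    parts = token.split(".")
    if len(parts) != 3:
        return False, "Token is not header.payload.signature"
    try:
        header, claims = json.loads(_b64d(parts[0])), json.loads(_b64d(parts[1]))
        signature = _b64d(parts[2])
    except ValueError:  # covers bad base64, bad UTF-8 and bad JSON
        return False, "Token is not valid base64url/JSON"
    if not isinstance(header, dict) or not isinstance(claims, dict):
        return False, "Token header and payload must be JSON objects"
    # Reject any algorithm outside the allowlist before verifying.
    if header.get("alg") not in JWT_ALGORITHMS:
        return False, "Algorithm not allowed"
    # Constant-time comparison of the recomputed signature.
    if not hmac.compare_digest(signature, _sign(JWT_SECRET, parts[0] + "." + parts[1])):
        return False, "Signature mismatch"
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp <= now:
        return False, "Token expired or missing exp"
    return True, "Authorization Valid"
```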
To start your app, please follow these instructions:
Navigate to the 'example' directory and execute either of the following commands on both 'identity' and 'your_app' folders:
flask run
or
python3 app.py
Once both services are up and running, use your preferred API client, such as Postman, to test your app.
Login:
For API Clients, input these parameters:
- Headers:
Content-Type: application/json
- POST
endpoint: http://127.0.0.1:5000/login
For Curl Commands:
curl -d '{"username": "test", "password": "test"}' -X POST -H "Content-Type: application/json" http://127.0.0.1:5000/login
A successful response should return:
{"access_token": "you_token"}
Token Verification:
For API Clients, input these parameters:
- Headers:
Key: Authorization
Bearer: jwt token returned from login request
- GET
endpoint: http://127.0.0.1:5000/your_path/verify
For Curl Commands:
curl -X GET -H "Authorization: Bearer you_token" http://127.0.0.1:5000/your_path/verify
The body of the returned message should either relate to your token's integrity or, for a successful request, be:
{"message": "Authorization Valid"}
Test Response:
curl -X GET -H "Authorization: Bearer your_token" http://127.0.0.1:5001
The body of the returned message should either relate to your token's integrity or, for a successful request, be:
Hello World!
Apache License, Version 2.0