Plz add function about _decode_jwt_from_session

Question

Plz add function about _decode_jwt_from_session

momentforever opened this issue 2 years ago · 1 comments

Description of the new feature / enhancement

add LocationType about get JWT from session(not from cookie).

Supporting information

One way to achieve (Demo)

def _decode_jwt_from_session(refresh: bool) -> Tuple[str, Optional[str]]:
    from flask import session
    if refresh:
        cookie_key = config.refresh_cookie_name
        csrf_header_key = config.refresh_csrf_header_name
        csrf_field_key = config.refresh_csrf_field_name
    else:
        cookie_key = config.access_cookie_name
        csrf_header_key = config.access_csrf_header_name
        csrf_field_key = config.access_csrf_field_name

    encoded_token = session.get(cookie_key)
    if not encoded_token:
        raise NoAuthorizationError('Missing cookie "{}"'.format(cookie_key))

    if config.csrf_protect and request.method in config.csrf_request_methods:
        csrf_value = request.headers.get(csrf_header_key, None)
        if not csrf_value and config.csrf_check_form:
            csrf_value = request.form.get(csrf_field_key, None)
        if not csrf_value:
            raise CSRFError("Missing CSRF token")
    else:
        csrf_value = None

    return encoded_token, csrf_value

Answer 1 · 2022-12-22T22:40:27.000Z

Seems reasonable. I can add this to my list of things to accomplish when time allows, or if you would like to make a PR to add this functionality, that is always welcome!