https://github.com/jakkso/flask_blacklist
Flask extension to help check blacklisted tokens quickly
https://github.com/jakkso/flask_blacklist
flask flask-praetorian flask-sqlalchemy
Last synced: 6 months ago
JSON representation
Flask extension to help check blacklisted tokens quickly
- Host: GitHub
- URL: https://github.com/jakkso/flask_blacklist
- Owner: jakkso
- License: other
- Created: 2019-03-16T21:00:57.000Z (over 7 years ago)
- Default Branch: master
- Last Pushed: 2022-12-08T04:52:37.000Z (over 3 years ago)
- Last Synced: 2025-11-27T14:43:03.609Z (7 months ago)
- Topics: flask, flask-praetorian, flask-sqlalchemy
- Language: Python
- Homepage:
- Size: 180 KB
- Stars: 0
- Watchers: 0
- Forks: 0
- Open Issues: 7
-
Metadata Files:
- Readme: README.md
- License: LICENSE.txt
Awesome Lists containing this project
README
## 🔥Flask_Blacklist🔥
[](https://travis-ci.com/jakkso/flask_blacklist)
[](https://github.com/ambv/black)
### What
It's a Flask extension designed to work with `flask_sqlalchemy` and `flask_pratorian` to blacklist tokens!
It stores blacklisted JWT's jti value in an in-memory store, allowing blacklist checks without
database calls. However, when a token is blacklisted, it is also persisted to the database.
### Why
* Emulate a redis store without actually using redis! 👍
* This is almost certainly slower than redis (It's python, after all).
* Why not, it's an excuse to get to know flask and associated libraries a little bit better. 👍
### How
You *are* using a [virtualenv](https://virtualenv.pypa.io/en/latest/), right?
`pip install flask-blacklist`
Then in your app factory function, initialize `Blacklist` *after* you've initialized your ORM.
# In global scope
from flask_blacklist import Blacklist, is_blacklisted
db = SQLAlchemy()
guard = Praetorian()
bl = Blacklist()
# In the app factory function
app = Flask(__name__)
db.init_app(app)
from app.models import Token, User
bl.init_app(app, Token) # Initialize after your ORM
# is_blacklisted is a helper function that Praetorian uses to determine if a token has been blacklisted
guard.init_app(app, User, is_blacklisted)
The Token database model needs to have two different class methods:
* `Token.blacklist_jti`
* Takes a single parameter, which is the `jti` string extracted from a JWT
* This method calll persist the blacklisted `jti` string to your database.
* `Token.get_blacklisted`
* Should return a list of already blacklisted tokens from the database
* The tokens returns should have a `jti` attribute containing string extracted from the token you want to blacklist
Then, in the route that needs to invalidate the token:
@auth_blueprint.route("/v1/auth/token", methods=["DELETE"])
@auth_required
def invalidate_token():
token = guard.read_token_from_header()
jti = guard.extract_jwt_token(token)["jti"]
bl.blacklist_jti(jti)
rv, code = {"success": True, "message": "token invalidated"}, 200
return jsonify(rv), code
Copyright 2019 Alexander Potts, MIT license.