Edited and changed the usage of JWT, because in fact the code and doc…

…umentation uses JWS tokens. (#79)
miguelgrinberg · Feb 5, 2019 · 3f743c6 · 3f743c6 · narendra1711 · Feb 26, 2020
1 parent c38c523
commit 3f743c6
Show file tree

Hide file tree

Showing 3 changed files with 13 additions and 8 deletions.
diff --git a/docs/index.rst b/docs/index.rst
@@ -162,12 +162,17 @@ The ``HTTPTokenAuth`` is a generic authentication handler that can be used with
 
 The ``verify_token`` callback receives the authentication credentials provided by the client on the ``Authorization`` header. This can be a simple token, or can contain multiple arguments, which the function will have to parse and extract from the string.
 
-In the examples directory you can find a complete example that uses JWT tokens.
+In the examples directory you can find a complete example that uses
+JWS tokens.  JWS tokens are similar to JWT tokens.  However using JWT
+tokens would require an external dependency to handle JWT.
 
 Using Multiple Authentication Schemes
 -------------------------------------
 
-Applications sometimes need to support a combination of authentication methods. For example, a web application could be authenticated by sending client id and secret over basic authentication, while third party API clients use a JWT bearer token. The `MultiAuth` class allows you to protect a route with more than one authentication object. To grant access to the endpoint, one of the authentication methods must validate.
+Applications sometimes need to support a combination of authentication
+methods. For example, a web application could be authenticated by
+sending client id and secret over basic authentication, while third
+party API clients use a JWS or JWT bearer token. The `MultiAuth` class allows you to protect a route with more than one authentication object. To grant access to the endpoint, one of the authentication methods must validate.
 
 In the examples directory you can find a complete example that uses basic and token authentication.
 

diff --git a/examples/multi_auth.py b/examples/multi_auth.py
@@ -5,17 +5,17 @@
 "MultiAuth" class.
 
 The root URL for this application can be accessed via basic auth, providing
-username and password, or via token auth, providing a bearer JWT token.
+username and password, or via token auth, providing a bearer JWS token.
 """
 from flask import Flask, g
 from flask_httpauth import HTTPBasicAuth, HTTPTokenAuth, MultiAuth
 from werkzeug.security import generate_password_hash, check_password_hash
-from itsdangerous import TimedJSONWebSignatureSerializer as JWT
+from itsdangerous import TimedJSONWebSignatureSerializer as JWS
 
 
 app = Flask(__name__)
 app.config['SECRET_KEY'] = 'top secret!'
-jwt = JWT(app.config['SECRET_KEY'], expires_in=3600)
+jws = JWS(app.config['SECRET_KEY'], expires_in=3600)
 
 basic_auth = HTTPBasicAuth()
 token_auth = HTTPTokenAuth('Bearer')
@@ -28,7 +28,7 @@
 }
 
 for user in users.keys():
-    token = jwt.dumps({'username': user})
+    token = jws.dumps({'username': user})
     print('*** token for {}: {}\n'.format(user, token))
 
 
@@ -46,7 +46,7 @@ def verify_password(username, password):
 def verify_token(token):
     g.user = None
     try:
-        data = jwt.loads(token)
+        data = jws.loads(token)
     except:  # noqa: E722
         return False
     if 'username' in data:

diff --git a/examples/token_auth.py b/examples/token_auth.py
@@ -8,7 +8,7 @@
 To gain access, you can use a command line HTTP client such as curl, passing
 one of the tokens:
 
-    curl -X GET -H "Authorization: Bearer <jwt-token>" http://localhost:5000/
+    curl -X GET -H "Authorization: Bearer <jws-token>" http://localhost:5000/
 
 The response should include the username, which is obtained from the token.
 """