Replace itsdangerous with pyjwt in examples (Fixes #157)
miguelgrinberg committed Feb 11, 2023
1 parent 03ff944 commit 6f708b0
Showing 2 changed files with 20 additions and 10 deletions.
12 changes: 8 additions & 4 deletions examples/multi_auth.py
Expand Up @@ -6,16 +6,18 @@
The root URL for this application can be accessed via basic auth, providing
username and password, or via token auth, providing a bearer JWS token.
This example requires the PyJWT package to be installed.
"""
from time import time
from flask import Flask
from flask_httpauth import HTTPBasicAuth, HTTPTokenAuth, MultiAuth
from werkzeug.security import generate_password_hash, check_password_hash
from itsdangerous import TimedJSONWebSignatureSerializer as JWS
import jwt


app = Flask(__name__)
app.config['SECRET_KEY'] = 'top secret!'
jws = JWS(app.config['SECRET_KEY'], expires_in=3600)

basic_auth = HTTPBasicAuth()
token_auth = HTTPTokenAuth('Bearer')
Expand All @@ -28,7 +30,8 @@
}

for user in users.keys():
token = jws.dumps({'username': user})
token = jwt.encode({'username': user, 'exp': int(time()) + 3600},
app.config['SECRET_KEY'], algorithm='HS256')
print('*** token for {}: {}\n'.format(user, token))


Expand All @@ -42,7 +45,8 @@ def verify_password(username, password):
@token_auth.verify_token
def verify_token(token):
try:
data = jws.loads(token)
data = jwt.decode(token, app.config['SECRET_KEY'],
algorithms=['HS256'])
except: # noqa: E722
return False
if 'username' in data:
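Review bot: The `jwt.decode` call added to `verify_token` validates `exp` only when the claim is present, so a correctly signed token that lacks `exp` would be accepted indefinitely. Requiring the claim closes that gap: add `options={'require': ['exp']}` to the call. The bare `except:` around it could be narrowed to `except jwt.InvalidTokenError:` so that programming or configuration errors are not silently reported as a rejected token. Both points apply equally to `verify_token` in examples/token_auth.py; the function body continues past the end of this hunk, so the handling of `data` is not fully visible here.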
18 changes: 12 additions & 6 deletions examples/token_auth.py
Expand Up @@ -2,38 +2,44 @@
"""Token authentication example
This example demonstrates how to protect Flask endpoints with token
authentication, using tokens.
authentication, using JWT tokens. To use this example you need to install the
PyJWT library:
pip install pyjwt
When this application starts, a token is generated for each of the two users.
To gain access, you can use a command line HTTP client such as curl, passing
one of the tokens:
curl -X GET -H "Authorization: Bearer <jws-token>" http://localhost:5000/
The response should include the username, which is obtained from the token.
The response should include the username, which is obtained from the token. The
tokens have a validity time of one hour, after which they will be rejected.
"""
from time import time
from flask import Flask
from flask_httpauth import HTTPTokenAuth
from itsdangerous import TimedJSONWebSignatureSerializer as Serializer
import jwt


app = Flask(__name__)
app.config['SECRET_KEY'] = 'top secret!'
token_serializer = Serializer(app.config['SECRET_KEY'], expires_in=3600)

auth = HTTPTokenAuth('Bearer')


users = ['john', 'susan']
for user in users:
token = token_serializer.dumps({'username': user}).decode('utf-8')
token = jwt.encode({'username': user, 'exp': int(time()) + 3600},
app.config['SECRET_KEY'], algorithm='HS256')
print('*** token for {}: {}\n'.format(user, token))


@auth.verify_token
def verify_token(token):
try:
data = token_serializer.loads(token)
data = jwt.decode(token, app.config['SECRET_KEY'],
algorithms=['HS256'])
except: # noqa: E722
return False
if 'username' in data:
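Review bot: `app.config['SECRET_KEY'] = 'top secret!'` now serves directly as the HS256 key in the added `jwt.encode` and `jwt.decode` calls, and readers tend to copy example code as is; a short, guessable HMAC key can be brute-forced offline from a single captured token. A comment on that line would help, for example `# example only: use a random key of at least 32 bytes, e.g. secrets.token_hex(32)`; the same line appears in examples/multi_auth.py. The docstring's curl line still shows `<jws-token>`, which no longer matches the "JWT tokens" wording added above it.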
