Changing Default Behaviors

We provide what we think are sensible behaviors when attempting to access a protected endpoint. If the JWT is not valid for any reason (missing, expired, tampered with, etc.) we will return JSON in the format of {'msg': 'why accessing endpoint failed'} along with an appropriate HTTP status code (401 or 422). However, you may want to customize what you return in some situations. You can do that with the jwt_manager loader functions. An example of this looks like:

from flask import Flask, jsonify, request
from flask_jwt_simple import JWTManager, jwt_required, create_jwt

app = Flask(__name__)

app.config['JWT_SECRET_KEY'] = 'super-secret'  # Change this!
jwt = JWTManager(app)


# Using the expired_token_loader decorator, we will now call
# this function whenever an expired but otherwise valid access
# token attempts to access an endpoint. There are other
# behaviors that can be changed with these loader functions.
# Check the docs for a full list.
@jwt.expired_token_loader
def my_expired_token_callback():
    err_json = {
        "status": 401,
        "title": "Expired JWT",
        "detail": "The JWT has expired"
    }
    return jsonify(err_json), 401


@app.route('/login', methods=['POST'])
def login():
    username = request.json.get('username', None)
    password = request.json.get('password', None)
    if username != 'test' or password != 'test':
        return jsonify({"msg": "Bad username or password"}), 401

    ret = {'access_token': create_jwt(username)}
    return jsonify(ret), 200


@app.route('/protected', methods=['GET'])
@jwt_required
def protected():
    return jsonify({'hello': 'world'}), 200

if __name__ == '__main__':
    app.run()

Possible loader functions are:

expired_token_loader
    Description: Function to call when an expired token accesses a protected endpoint.
    Function arguments: None.

invalid_token_loader
    Description: Function to call when an invalid token accesses a protected endpoint.
    Function arguments: Takes one argument, an error string indicating why the token is invalid.

unauthorized_loader
    Description: Function to call when a request with no JWT accesses a protected endpoint.
    Function arguments: Takes one argument, an error string indicating why the request is unauthorized.