-
-
Notifications
You must be signed in to change notification settings - Fork 241
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Support for required jwt-required-claims and jwt-certify-claims #64
Comments
Sounds reasonable to me. It may take a little bit, but I'll see about getting this implemented soon. Cheers 👍 |
For the first one having pyjwt pull this request would be ideal: jpadilla/pyjwt#280 |
Indeed 👍 . I'll wait on that for a bit to see if any progress is made on that being merged. |
I added a generalized callback method that will allow you to verify the custom claims in the access tokens. This will allow you to check if the keys exists, as well as do additional verification as desired. This adds two new callback loader methods to verify user_claims and change the return value if the user_claims verification fails # Old function, unchanged
@jwt.user_claims_loader
def add_custom_claims(identity):
return {
'foo': 'bar',
'baz': 'boom'
}
# New function, verify the user claims in an access token
@jwt.claims_verification_loader
def verify_user_claims(user_claims):
expected_keys = ['foo', 'baz']
for key in expected_keys:
if key not in user_claims:
return False
return True
# New function, change the return value if user claims verification failed.
# You don't have to implement this one, this is just so you can change the
# return value if you don't like the default implementation.
@jwt.claims_verification_failed_loader
def failed_user_claim_verification_error():
return jsonify({'msg': 'Access token is missing key 'foo' or 'baz'}), 404 I'll get a new version with this pushed out to pip soon. Cheers |
Released as version 3.2.0 |
flask-jwt describes usage of the jwt-required-claims and jwt-certify-claims but neither are implemented.
It would be good if flask-jwt-extended implemented it.
The text was updated successfully, but these errors were encountered: