Reputation: 153
Flask API authentication
I am building a chrome extension that sends GET requests to a flask API I've built. I want to add some sort of authentication to the API so that only my chrome extension can receive that data.
I have looked into using a JSON web token but it seems that by doing that, I would have to have the username and password in my chrome extension code, which is easily accessible to anyone once the chrome extension is published.
Am I thinking about this in the wrong way?
Thanks
Upvotes: 0
Views: 410
Answers (1)
Reputation: 1757
You should not store a JWT with such data as some constant in the chrome extension code.
JWTs should be generated dynamically in this use case; I recommend this tutorial from Miguel.
I don't think, however, that this is the way to go. Read this. If you provide authentication (you know who your users are and they need to log in), then you can use those details to create a session based authentication or a JWT token approach (see Flask-Login, Flask-Security, Flask-Principal, Flask-JWT, etc.).
Upvotes: 0
Related Questions
- Flask Restul Basic Authentication
- Flask-Restful, oauth, and Salesforce
- Authenticate a flask API with oauth?
- Flask-restful basic Authentication
- how to use flask REST API authentication
- REST API: user-agent-based client (app) authorization
- Authentication for Flask-based API?
- How would I pass in authtoken in my browser get Requests
- Token based authentication with flask-security extension
- How to submit HTTP authentication (Flask BASIC Auth) with Selenium to ChromeDriver