Reputation: 221
So I am fairly new to Flask and I am currently trying to create a Flask API for a project I am working on. However, there are a couple of issues I am facing.
The 1st issue that I can't seem to solve is trying to get a Python script/function within the Flask API to log on to a website. What I was thinking was to store my user credentials on a separate path and use a secret key (do not want other users to know the credentials), but I am not sure if that is the best way to approach this issue.
The second issue I can't seem to solve is after I log on to the website, how can I or would I retrieve a token value if the token can be retrieved by hitting a drop-down menu?
The last issue I am having a hard time with is what would be the best option for storing this token? I was originally thinking Redis would do, but I just want to know if there is a better way. Also, I plan on having this Flask API/Python service running in the background.
Any help is greatly appreciated.
Just to give some more context, the website I am working with logs me off after a certain time after I retrieve the token.
Upvotes: -1
Views: 3363
Reputation: 2022
The best way to manage login is through the JSON Web Token (JWT). Through the use of JWT it is not necessary to save any token since you can obtain all the information necessary to manage the user by extrapolating the content of the token.
To do this with Flask, you can use the Flask-JWT library, which implements all the features needed to manage JWT, or Flask-JWT-Extended. Flask-JWT-Extended is very similar to Flask-JWT, but has more configuration options and some more functionality. For example, it allows for token refreshing.
The workflow should look like this:
Example taken from Flask-JWT-Extended Basic Usage:
```python
from flask import Flask
from flask import jsonify
from flask import request

from flask_jwt_extended import create_access_token
from flask_jwt_extended import get_jwt_identity
from flask_jwt_extended import jwt_required
from flask_jwt_extended import JWTManager

app = Flask(__name__)

# Setup the Flask-JWT-Extended extension
app.config["JWT_SECRET_KEY"] = "super-secret"  # Change this!
jwt = JWTManager(app)


# Create a route to authenticate your users and return JWTs. The
# create_access_token() function is used to actually generate the JWT.
@app.route("/login", methods=["POST"])
def login():
    username = request.json.get("username", None)
    password = request.json.get("password", None)
    if username != "test" or password != "test":
        return jsonify({"msg": "Bad username or password"}), 401

    access_token = create_access_token(identity=username)
    return jsonify(access_token=access_token)


# Protect a route with jwt_required, which will kick out requests
# without a valid JWT present.
@app.route("/protected", methods=["GET"])
@jwt_required()
def protected():
    # Access the identity of the current user with get_jwt_identity
    current_user = get_jwt_identity()
    return jsonify(logged_in_as=current_user), 200


if __name__ == "__main__":
    app.run()
```
HTTP call to authenticate:
```
$ http POST :5000/login username=test password=test
HTTP/1.0 200 OK
Content-Length: 288
Content-Type: application/json
Date: Sun, 24 Jan 2021 18:10:39 GMT
Server: Werkzeug/1.0.1 Python/3.8.6

{
    "access_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJmcmVzaCI6ZmFsc2UsImlhdCI6MTYxMTUxMTgzOSwianRpIjoiMmI0NzliNTQtYTI0OS00ZDNjLWE4NjItZGVkZGIzODljNmVlIiwibmJmIjoxNjExNTExODM5LCJ0eXBlIjoiYWNjZXNzIiwic3ViIjoidGVzdCIsImV4cCI6MTYxNDEwMzgzOX0.UpTueBRwNLK8e-06-oo5Y_9eWbaN5T3IHwKsy6Jauaw"
}
```
HTTP call to use protected endpoint:
```
$ http GET :5000/protected Authorization:"Bearer <access_token>"
HTTP/1.0 200 OK
Content-Length: 24
Content-Type: application/json
Date: Sun, 24 Jan 2021 18:12:02 GMT
Server: Werkzeug/1.0.1 Python/3.8.6

{
    "logged_in_as": "test"
}
```
Upvotes: 3