I am trying to build a Flask backend with REST but I am unsure to use Flask-JWT or Flask-Login for managing user logins and authorization. I thought of using it both. Can I do so? If I can, then should I use @jwt_required() or **@login_required decorator?
Asked
Active
Viewed 2,247 times
0
-
NOTE for newcomers: use instead, the Flask-JWT-Extended, which is found https://flask-jwt-extended.readthedocs.io/en/stable/, has been updated more recently and has better documentation. – Alexey Nikonov Mar 21 '21 at 14:25
1 Answers
2
Have a look at the flask-jwt-extended package. It comes with very handy basic and advanced examples for using JSON Webtokens. The example I've linked uses a single decorator jwt_required.
And if you require re-authentication, there's an example using a refresh_token.
https://flask-jwt-extended.readthedocs.io/en/stable/token_freshness/
Be sure to read up on website authentication. Here's a good place to start:
But try keep it simple to start.
foxyblue
- 2,500
- 1
- 20
- 27
-
Thanks for the answer, it was helpful. But I actually wonder whether I still need Flask-Login when I use Flask-JWT/Flask-JWT-Extended, or not. – Alihan Kerestecioğlu Mar 23 '20 at 13:16
-
Here is a thread directly relevant to your case: https://github.com/maxcountryman/flask-login/issues/253 – foxyblue Mar 23 '20 at 14:36