from datetime import datetime from datetime import timedelta from datetime import timezone from flask import Flask from flask import jsonify from flask_jwt_extended import create_access_token from flask_jwt_extended import get_jwt from flask_jwt_extended import get_jwt_identity from flask_jwt_extended import jwt_required from flask_jwt_extended import JWTManager from flask_jwt_extended import set_access_cookies from flask_jwt_extended import unset_jwt_cookies app = Flask(__name__) # If true this will only allow the cookies that contain your JWTs to be sent # over https. In production, this should always be set to True app.config["JWT_COOKIE_SECURE"] = False app.config["JWT_TOKEN_LOCATION"] = ["cookies"] app.config["JWT_SECRET_KEY"] = "super-secret" # Change this in your code! app.config["JWT_ACCESS_TOKEN_EXPIRES"] = timedelta(hours=1) jwt = JWTManager(app) # Using an `after_request` callback, we refresh any token that is within 30 # minutes of expiring. Change the timedeltas to match the needs of your application. @app.after_request def refresh_expiring_jwts(response): try: exp_timestamp = get_jwt()["exp"] now = datetime.now(timezone.utc) target_timestamp = datetime.timestamp(now + timedelta(minutes=30)) if target_timestamp > exp_timestamp: access_token = create_access_token(identity=get_jwt_identity()) set_access_cookies(response, access_token) return response except (RuntimeError, KeyError): # Case where there is not a valid JWT. Just return the original response return response @app.route("/login", methods=["POST"]) def login(): response = jsonify({"msg": "login successful"}) access_token = create_access_token(identity="example_user") set_access_cookies(response, access_token) return response @app.route("/logout", methods=["POST"]) def logout(): response = jsonify({"msg": "logout successful"}) unset_jwt_cookies(response) return response @app.route("/protected") @jwt_required() def protected(): return jsonify(foo="bar") if __name__ == "__main__": app.run()