What is Fresh Token?

The fresh token pattern from flask-jwt-extended is also available in this extension. The pattern is simple: you can mark some access tokens as fresh and others as non-fresh.

This is useful for allowing only fresh tokens to perform critical actions (such as updating an email address or completing an online purchase) while denying those actions to non-fresh tokens. Using fresh tokens together with refresh tokens can make a site more secure without hurting the user experience by forcing users to constantly re-authenticate.

Token Freshness

Table of contents

  1. What is Fresh Token?
  2. Configuration
  3. Create Token
  4. Protect Views
  5. Use Token Object
  6. Full Example Code

Configuration

There is nothing to configure to use the fresh token pattern.

Create Token

Just pass True to the fresh parameter when creating an access token.

access_token = JWT.create_access_token(identity=username, fresh=True)

Find more about creating tokens

Protect Views

By decorating a view function (or method) with jwt_required, you can check token freshness.

Pass True to fresh_required parameter of jwt_required.

@app.route("/protected", methods=["GET"])
@jwt_required(fresh_required=True)
async def protected(request: Request, token: Token):
    ...

Find more about protecting views

Use Token Object

The propagated Token object carries freshness information in Token.fresh. If the token type is not access, or freshness was not specified when the token was created, the value is None.

token.fresh  # nullable

Find more about the token object
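The whole flow the sections above describe (a fresh access token issued at login, a non-fresh one issued by a refresh, and a fresh_required check on a critical view), as an added stdlib-only model. This is example code written for this page, not sanic-jwt-extended's implementation: SECRET, encode, decode, refresh and authorize are constructed stand-ins for the library's JWT handling and its jwt_required decorator, and the token claim names are assumptions.

```python
import base64, hashlib, hmac, json, time

SECRET = b"demo-secret"  # constructed for this example; use a long random key in practice

def _b64(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def encode(claims: dict) -> str:
    # Minimal HS256 JWT: base64url(header).base64url(payload).base64url(signature)
    header = _b64(b'{"alg":"HS256","typ":"JWT"}')
    payload = _b64(json.dumps(claims).encode())
    sig = hmac.new(SECRET, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64(sig)}"

def decode(token: str) -> dict:
    header, payload, sig = token.split(".")
    expected = hmac.new(SECRET, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _unb64(sig)):
        raise ValueError("invalid signature")
    claims = json.loads(_unb64(payload))
    if claims["exp"] <= time.time():
        raise ValueError("token expired")
    return claims

def create_access_token(identity: str, fresh=None, ttl: int = 900) -> str:
    # fresh=True only right after a credential check; None when unspecified (nullable Token.fresh)
    return encode({"type": "access", "identity": identity, "fresh": fresh,
                   "exp": int(time.time()) + ttl})

def create_refresh_token(identity: str, ttl: int = 30 * 24 * 3600) -> str:
    return encode({"type": "refresh", "identity": identity, "exp": int(time.time()) + ttl})

def refresh(refresh_token: str) -> str:
    # A silently refreshed access token is never fresh: no credentials were re-entered
    claims = decode(refresh_token)
    if claims["type"] != "refresh":
        raise PermissionError("refresh token required")
    return create_access_token(claims["identity"], fresh=False)

def authorize(token: str, fresh_required: bool = False) -> dict:
    # Models @jwt_required(fresh_required=...): critical views demand a fresh access token
    claims = decode(token)
    if claims["type"] != "access":
        raise PermissionError("access token required")
    if fresh_required and not claims.get("fresh"):
        raise PermissionError("fresh token required: re-authenticate")
    return claims
```

In a real view the PermissionError from authorize(refresh(...), fresh_required=True) is what becomes the 401 that sends the user back to the login form.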


Full Example Code

from sanic import Sanic
from sanic.response import json
from sanic.request import Request

from sanic_jwt_extended import JWT, jwt_required
from sanic_jwt_extended.tokens import Token

app = Sanic(__name__)


with JWT.initialize(app) as manager:
    manager.config.secret_key = "secret"  # demo value; load a long random key from configuration in production


@app.route("/login", methods=["POST"])
async def login(request: Request):
    username = request.json.get("username", "user")

    # The user has just authenticated, so this access token is marked fresh
    access_token = JWT.create_access_token(identity=username, fresh=True)

    return json(
        dict(access_token=access_token), status=200
    )


@app.route("/protected", methods=["GET"])
@jwt_required(fresh_required=True)  # only fresh access tokens reach this view
async def protected(request: Request, token: Token):
    return json(
        dict(
            identity=token.identity,
            is_fresh=token.fresh,
            raw_data=token.raw_data,
            exp=str(token.exp),
        )
    )


if __name__ == "__main__":
    app.run()