jwt-flask-extended sends back same access token for any user always. I have integrated Flask with apache. Using Python 2.7.5, Operating System - Red Hat Enterprise Linux Server release 7.3 (Maipo). Find the code below.
app = Flask(__name__)
CORS(app)
@app.before_request
def log_request_info():
app.logger.debug('Headers: %s', request.headers)
app.logger.debug('Body: %s', request.get_data())
mysql = MySQL()
# MySQL configurations
app.config['MYSQL_DATABASE_USER'] = 'user'
app.config['MYSQL_DATABASE_PASSWORD'] = 'password'
app.config['MYSQL_DATABASE_DB'] = 'userdb'
app.config['MYSQL_DATABASE_HOST'] = 'mysql-host'
mysql.init_app(app)
# Setup the Flask-JWT-Extended extension
app.config['JWT_SECRET_KEY'] = 'Changeit' # Change this! if needed
app.config['JWT_EXPIRATION_DELTA'] = timedelta(seconds=28800)
jwt = JWTManager(app)
@app.route('/auth/token', methods=['POST'])
def login():
if not request.is_json:
return jsonify({"msg": "Missing JSON in request"}), 400
uid = request.json.get('uid', None)
username = request.json.get('username', None)
if not uid:
return jsonify({"msg": "Missing required parameter"}), 400
if not username:
return jsonify({"msg": "Missing required parameter"}), 400
# Identity can be any data that is json serializable
access_token = create_access_token(identity=uid)
return jsonify(access_token=access_token), 200
WSGIPassAuthorization On.
I added this directive to Apache mod wsgi config file. It started working as expected .