Tags: python, flask, flask-jwt-extended

Propagate JWT Token between services


I'm looking to propagate a JWT token between my services running in docker using the library flask-jwt-extended and I have an idea of how I would do this using something similar to this:

import requests

# forward both tokens to another service as a JSON body
requests.post(url, json={"access_token": access_token, "refresh_token": refresh_token})

But in my experience I need to return a response to do this.

I already have the frontend creating tokens and protecting my routes. I just want to use that token to do the same for the backend.

I want to be able to login from my frontend application and when I login that propagates the token throughout the other services. How do I approach this?

I will send the post request to a function that will look something similar to this:

from flask import Flask, request, jsonify
from flask_jwt_extended import set_access_cookies, set_refresh_cookies

app = Flask(__name__)

@app.route('/login', methods=['GET', 'POST'])
def login():
    if request.method == "POST":
        resp = jsonify({'login': True})
        # store the tokens received from the other service as cookies on this service
        set_access_cookies(resp, request.json["access_token"])
        set_refresh_cookies(resp, request.json["refresh_token"])
        return resp, 200

Do I need to return that response?


Solution

  • Token sharing should be accomplished via signature trust. Make sure that your other services "know" the public key of the trusted signer.

    Here are the basics:

    1. Frontend requests token from backend via authorization api

    2. Backend validates credentials, issues token using an 'RSXXX' algorithm, e.g. 'RS512'

    3. Frontend passes token to all calls to any of your backend services.

    4. When backend receives a token it verifies signature and "source" using the public key identity of the token before applying token payload to the requested operation.

    All backend services and the frontend should have a configuration element which defines one or more trusted public keys used for token signing.

    This article has some helpful information on using a public/private key pair with pyjwt: https://blog.miguelgrinberg.com/post/json-web-tokens-with-public-key-signatures
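The signature-trust flow from steps 2 and 4 above, as an added example that is not part of the answer or of flask-jwt-extended: one service signs with its RSA private key using RS512, every other service holds only a configured map of trusted public keys (keyed by `kid`) and rejects tokens whose signer or issuer it does not recognise. It assumes PyJWT and cryptography are installed; the issuer name and key ids are constructed.

```python
import time
import jwt  # PyJWT
from cryptography.hazmat.primitives import serialization
from cryptography.hazmat.primitives.asymmetric import rsa

ISSUER = "auth-service"  # constructed issuer name shared by all services


def generate_keypair():
    """The auth service creates its RSA pair; only the public PEM is distributed."""
    private_key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    private_pem = private_key.private_bytes(
        serialization.Encoding.PEM,
        serialization.PrivateFormat.PKCS8,
        serialization.NoEncryption(),
    )
    public_pem = private_key.public_key().public_bytes(
        serialization.Encoding.PEM,
        serialization.PublicFormat.SubjectPublicKeyInfo,
    )
    return private_pem, public_pem


def issue_token(private_pem, kid, identity, ttl=900):
    """Step 2: after credentials are validated, sign claims with RS512.
    The 'kid' header tells receivers which trusted public key to use."""
    now = int(time.time())
    claims = {"sub": identity, "iss": ISSUER, "iat": now, "exp": now + ttl}
    return jwt.encode(claims, private_pem, algorithm="RS512", headers={"kid": kid})


def verify_token(token, trusted_keys):
    """Step 4: a backend service checks signature and source before trusting claims.
    trusted_keys maps kid -> public PEM and is the per-service configuration element."""
    header = jwt.get_unverified_header(token)
    public_pem = trusted_keys.get(header.get("kid"))
    if public_pem is None:
        raise jwt.InvalidTokenError("token signed by an unknown key id")
    # Pin the algorithm list so a token cannot be downgraded to HS* or 'none';
    # issuer= makes PyJWT reject tokens from a different issuer.
    return jwt.decode(token, public_pem, algorithms=["RS512"], issuer=ISSUER)


if __name__ == "__main__":
    priv, pub = generate_keypair()
    token = issue_token(priv, "auth-key-1", "alice")
    print(verify_token(token, {"auth-key-1": pub})["sub"])
```

A token signed by any other private key, even one that reuses the same `kid`, fails verification on the receiving service, which is what makes the public-key configuration the trust anchor rather than the token itself.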