On logout invalidate flask-JWT

Mayur Patil · Jun 8, 2017 · Viewed 9.2k times

I have generated a Flask-JWT token for user authentication, but on logout I want to invalidate the token. Right now it still allows access to the route after logout.

@app.route('/logout', methods=['POST'])
@jwt_required
def logout():
    user = current_user
    user.authenticated = False
    db.session.commit()
    logout_user()
    return jsonify({'success': True})

Answer

vimalloc · Jun 8, 2017

Check flask-jwt-extended. It has support for blacklisting tokens built into the extension (and is still actively supported, unlike Flask-JWT, which has been abandoned).

https://flask-jwt-extended.readthedocs.io/en/stable/blacklist_and_token_revoking/
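
The mechanism that token blacklisting relies on, as an added example that is not part of the original answer and does not use flask-jwt-extended's API: a standard-library HS256 token whose `jti` claim is checked against a server-side revocation set on every request. `SECRET`, `REVOKED_JTIS` and all function names are hypothetical, and the key is a constructed sample value.

```python
import base64, hashlib, hmac, json, time, uuid

SECRET = b"constructed-demo-key"  # constructed sample key, assumption for this example
REVOKED_JTIS = set()  # assumption: in production a shared store whose entries expire with the token

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _sign(signing_input: str) -> str:
    return _b64(hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest())

def issue_token(user_id: str, ttl: int = 900) -> str:
    header = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    claims = {"sub": user_id, "jti": uuid.uuid4().hex, "exp": int(time.time()) + ttl}
    body = _b64(json.dumps(claims).encode())
    return f"{header}.{body}.{_sign(header + '.' + body)}"

def verify_token(token: str) -> dict:
    try:
        header, body, sig = token.split(".")
    except ValueError:
        raise PermissionError("malformed token")
    if not hmac.compare_digest(sig.encode(), _sign(f"{header}.{body}").encode()):
        raise PermissionError("bad signature")
    if json.loads(_unb64(header)).get("alg") != "HS256":
        raise PermissionError("unexpected alg")
    claims = json.loads(_unb64(body))
    if claims["exp"] < time.time():
        raise PermissionError("expired")
    if claims["jti"] in REVOKED_JTIS:  # the check a signature-only verifier lacks
        raise PermissionError("revoked")
    return claims

def logout(token: str) -> None:
    REVOKED_JTIS.add(verify_token(token)["jti"])  # revoke this token only, not the user

def demo() -> tuple:
    token = issue_token("alice")
    before = verify_token(token)["sub"]  # accepted while not revoked
    logout(token)
    try:
        verify_token(token)
        after = "accepted"
    except PermissionError as exc:
        after = str(exc)
    return before, after
```

Without the `jti` lookup the signature and `exp` checks still pass after logout, which is the behaviour described in the question.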