Micro Services Classroom Series – 04/Dec/2021

Access tokens and refresh tokens

  • Access tokens usually carry an expiration time. Because they expire, we need a way to obtain a new one without asking the user to authenticate again.
  • At login we create a refresh token and send it to the client together with the access token.
  • Refresh tokens are generally long-lived. When the access token expires, the client calls a refresh endpoint presenting the refresh token (the expired access token itself is not needed) and receives a new access token.
  • A refresh token is used only to obtain new access tokens; normal protected endpoints must not accept it in place of an access token.
  • In the Flask-JWT-Extended package the create_refresh_token function creates a refresh token (create_access_token creates the access token), and the refresh endpoint is protected with jwt_required(refresh=True).
  • In some cases, even though the user is authenticated, the application expects the user to authenticate again before performing a sensitive action (changing the profile picture, etc.). Flask-JWT-Extended handles this with the freshness pattern: an access token issued directly after a password login is marked fresh (create_access_token(identity, fresh=True)), one obtained through the refresh endpoint is not, and an endpoint decorated with jwt_required(fresh=True) rejects the non-fresh one. Refer Here
  • Refer Here for the changes

User Logout Mechanism

  • Logout is implemented with a blacklist (Flask-JWT-Extended 4.x calls it a blocklist).
  • A blacklist is a deny-list used for access control; the entries can be emails, tokens, ids, etc.
  • Here we blacklist tokens: a logout request records the token's unique identifier (the jti claim), and every later request carrying that token is rejected even though its signature and expiry are still valid.
  • Let's add a database model for the token blacklist and apply migrations. The table only needs to store revoked jti values, and rows can be pruned once the corresponding token would have expired anyway.
  • Refer Here for the changes
  • Refer Here for the implementation of the blacklist functionality.
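The following is an added example covering both sections above (refresh tokens and freshness, and logout via a token blacklist). It is not the classroom code and not Flask-JWT-Extended's code: it re-implements the same pattern with only the Python standard library so the whole lifecycle can be run offline, and the names (login, require, refresh_access, logout, verdict, forge, scenario, BLOCKLIST) and the demo secret are assumptions. A real application would keep the blocklist in the database table the notes add and would let Flask-JWT-Extended do the signing and verification.

```python
import base64
import hashlib
import hmac
import json
import time
import uuid

# Constructed demo key only; load a random 32+ byte secret from configuration in practice.
SECRET = b"demo-only-secret-do-not-use"
ACCESS_TTL = 15 * 60            # short-lived: limits the damage from a leaked access token
REFRESH_TTL = 30 * 24 * 3600    # long-lived: only ever exchanged for new access tokens

# Stand-in for the blacklist table the notes add via a migration; holds revoked jti values.
BLOCKLIST = set()


def _b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _sign(claims):
    """Mint a compact HS256-style token: header.payload.signature (assumed helper)."""
    header = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}, separators=(",", ":")).encode())
    payload = _b64(json.dumps(claims, separators=(",", ":")).encode())
    mac = hmac.new(SECRET, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64(mac)}"


def _verify(token, now):
    """Check the MAC before trusting any claim, then check expiry; raise on failure."""
    header, payload, sig = token.split(".")
    # The header's alg field is deliberately ignored: the server decides the algorithm.
    expected = hmac.new(SECRET, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(_unb64(sig), expected):
        raise PermissionError("bad signature")
    claims = json.loads(_unb64(payload))
    if now >= claims["exp"]:
        raise PermissionError("token expired")
    return claims


def _access_token(identity, now, fresh):
    return _sign({"sub": identity, "type": "access", "fresh": fresh,
                  "jti": uuid.uuid4().hex, "iat": int(now), "exp": int(now) + ACCESS_TTL})


def login(identity, now=None):
    """Password login: issue a fresh access token plus a long-lived refresh token."""
    now = time.time() if now is None else now
    refresh = _sign({"sub": identity, "type": "refresh", "jti": uuid.uuid4().hex,
                     "iat": int(now), "exp": int(now) + REFRESH_TTL})
    return _access_token(identity, now, fresh=True), refresh


def require(token, now=None, token_type="access", fresh=False):
    """What a protected endpoint does: verify, then reject wrong type, revoked, or stale."""
    now = time.time() if now is None else now
    claims = _verify(token, now)
    if claims.get("type") != token_type:
        raise PermissionError(f"expected {token_type} token")
    if claims["jti"] in BLOCKLIST:            # the blocklist lookup the notes describe
        raise PermissionError("token revoked")
    if fresh and not claims.get("fresh"):      # freshness pattern
        raise PermissionError("fresh token required")
    return claims


def refresh_access(refresh_token, now=None):
    """Refresh endpoint: only the refresh token is presented; the new access token is NOT fresh."""
    now = time.time() if now is None else now
    claims = require(refresh_token, now, token_type="refresh")
    return _access_token(claims["sub"], now, fresh=False)


def logout(access_token, refresh_token, now=None):
    """Revoke both tokens by jti; verifying first means only tokens we issued get stored."""
    now = time.time() if now is None else now
    for token, token_type in ((access_token, "access"), (refresh_token, "refresh")):
        BLOCKLIST.add(require(token, now, token_type=token_type)["jti"])


def verdict(token, now=None, **kwargs):
    """Return "ok" or the rejection reason instead of raising (handy for tests and logs)."""
    try:
        require(token, now, **kwargs)
        return "ok"
    except PermissionError as exc:
        return str(exc)


def forge(token, **changes):
    """Attacker attempt: rewrite payload claims but keep the original signature."""
    header, payload, sig = token.split(".")
    claims = json.loads(_unb64(payload))
    claims.update(changes)
    return f"{header}.{_b64(json.dumps(claims, separators=(',', ':')).encode())}.{sig}"


def scenario(t0=1_700_000_000):
    """Walk the whole lifecycle at fixed timestamps and return every verdict."""
    access, refresh = login("alice", t0)
    t1 = t0 + ACCESS_TTL + 1                 # the original access token has expired by now
    access2 = refresh_access(refresh, t1)
    out = {"login_ok": verdict(access, t0),
           "login_fresh": verdict(access, t0, fresh=True),
           "expired": verdict(access, t1),
           "refresh_as_access": verdict(refresh, t0),
           "forged": verdict(forge(access, sub="admin"), t0),
           "refreshed_ok": verdict(access2, t1),
           "refreshed_fresh": verdict(access2, t1, fresh=True)}
    logout(access2, refresh, t1)
    out["after_logout_access"] = verdict(access2, t1)
    out["after_logout_refresh"] = verdict(refresh, t1, token_type="refresh")
    return out


if __name__ == "__main__":
    for step, result in scenario().items():
        print(f"{step:22s} {result}")
```

Two points worth noticing when reading the output: the access token obtained through refresh_access passes an ordinary check but fails the fresh=True check, which is exactly the distinction the freshness pattern relies on, and after logout both tokens are still correctly signed and unexpired yet are refused because their jti values sit in the blocklist. Revoking the refresh token's jti on logout matters most: without it, a stolen refresh token could keep minting new access tokens for up to REFRESH_TTL.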


About learningthoughtsadmin