Beispiel #1
def decode_token(encoded_token: str,
                 csrf_value: str = None,
                 allow_expired: bool = False) -> dict:
    """
    Decode an encoded JWT and return its payload as a python dict.

    The decoding itself is delegated to the JWT manager, which runs the
    validity checks before the payload is handed back.

    This is purely a validity check. It does not fire the user loader
    callbacks, does not save the token for access in protected endpoints, and
    does not check whether the token has been revoked. A successful return
    therefore does not mean the token is still acceptable for authorization:
    callers that act on the result must do their own revocation check.

    :param encoded_token:
        The encoded JWT to decode.

    :param csrf_value:
        Expected CSRF double submit value (optional).

    :param allow_expired:
        If ``True``, do not raise an error if the JWT is expired. Defaults to
        ``False``. Claims returned for an expired token should be used for
        inspection only, not to authorize a request.

    :return:
        Dictionary containing the payload of the decoded JWT.
    """
    # Arguments stay positional: the private helper's parameter names are not
    # visible from this function.
    return get_jwt_manager()._decode_jwt_from_config(
        encoded_token, csrf_value, allow_expired
    )
Beispiel #2
def create_access_token(
    identity,
    fresh=False,
    expires_delta=None,
    additional_claims=None,
    additional_headers=None,
):
    """
    Build and return an encoded access token for ``identity``.

    :param identity:
        The identity of this token. It can be any data that is json serializable.
        You can use :meth:`~flask_jwt_extended.JWTManager.user_identity_loader`
        to define a callback function to convert any object passed in into a json
        serializable format.

    :param fresh:
        Whether this token should be marked as fresh, and can thus access
        endpoints protected with ``@jwt_required(fresh=True)``. Defaults to
        ``False``.

        This value can also be a ``datetime.timedelta``, which indicates
        how long this token will be considered fresh.

    :param expires_delta:
        A ``datetime.timedelta`` for how long this token should last before it
        expires. Set to False to disable expiration. If this is None, it will use
        the ``JWT_ACCESS_TOKEN_EXPIRES`` config value (see :ref:`Configuration Options`).
        A token issued with expiration disabled never ages out on its own, so
        it can only be invalidated by some other mechanism such as revocation.

    :param additional_claims:
        Optional. A hash of claims to include in the access token. These claims are
        merged into the default claims (exp, iat, etc) and claims returned from the
        :meth:`~flask_jwt_extended.JWTManager.additional_claims_loader` callback.
        On conflict, these claims take precedence. Because they win over the
        defaults, do not pass unfiltered client-supplied data here.

    :param additional_headers:
        Optional. A hash of headers to include in the access token. These headers
        are merged into the default headers (alg, typ) and headers returned from
        the :meth:`~flask_jwt_extended.JWTManager.additional_headers_loader`
        callback. On conflict, these headers take precedence, so the same
        caution about client-supplied data applies.

    :return:
        An encoded access token
    """
    manager = get_jwt_manager()
    # All arguments are passed by keyword, so their order here is irrelevant.
    encoded_token = manager._encode_jwt_from_config(
        identity=identity,
        token_type="access",
        fresh=fresh,
        expires_delta=expires_delta,
        claims=additional_claims,
        headers=additional_headers,
    )
    return encoded_token
Beispiel #3
def create_refresh_token(
    identity: Any,
    expires_delta: datetime.timedelta = None,
    additional_claims=None,
    additional_headers=None,
):
    """
    Build and return an encoded refresh token for ``identity``.

    The token is always issued as non-fresh (``fresh=False``).

    :param identity:
        The identity of this token. It can be any data that is json serializable.
        You can use :meth:`~flask_jwt_extended.JWTManager.user_identity_loader`
        to define a callback function to convert any object passed in into a json
        serializable format.

    :param expires_delta:
        A ``datetime.timedelta`` for how long this token should last before it expires.
        Set to False to disable expiration. If this is None, it will use the
        ``JWT_REFRESH_TOKEN_EXPIRES`` config value (see :ref:`Configuration Options`).
        A refresh token issued with expiration disabled never ages out on its
        own, so it can only be invalidated by some other mechanism such as
        revocation.

    :param additional_claims:
        Optional. A hash of claims to include in the refresh token. These claims are
        merged into the default claims (exp, iat, etc) and claims returned from the
        :meth:`~flask_jwt_extended.JWTManager.additional_claims_loader` callback.
        On conflict, these claims take precedence. Because they win over the
        defaults, do not pass unfiltered client-supplied data here.

    :param additional_headers:
        Optional. A hash of headers to include in the refresh token. These headers
        are merged into the default headers (alg, typ) and headers returned from the
        :meth:`~flask_jwt_extended.JWTManager.additional_headers_loader` callback.
        On conflict, these headers take precedence, so the same caution about
        client-supplied data applies.

    :return:
        An encoded refresh token
    """
    manager = get_jwt_manager()
    # All arguments are passed by keyword, so their order here is irrelevant.
    encoded_token = manager._encode_jwt_from_config(
        identity=identity,
        token_type="refresh",
        fresh=False,
        expires_delta=expires_delta,
        claims=additional_claims,
        headers=additional_headers,
    )
    return encoded_token