def auth_login(): if not request.is_json: return error_bad_request() username = request.json.get('username') password = request.json.get('password') if not username or not password: return error_bad_login() user = User().query.filter_by(username=username).first() if not user or not user.checkpassword(password): return error_bad_login() access_token = create_access_token(username) return jsonify(token=access_token), 200 # OK