def post(self): # get payload payload = User.parser.parse_args() # check user user = UserService.getDataByUsername(payload['username']) if user and safe_str_cmp(user.password, payload['password']): access_token = create_access_token(identity=user.id, fresh=True) refresh_token = create_refresh_token(user.id) return { 'access_token': access_token, 'refresh_token': refresh_token }, 200 return {'message': 'invalid credentials'}, 401