async def logout():
    """Revoke the caller's JWT and clear its auth cookies.

    The token's ``jti`` claim is written to the ``old_tokens`` table and added
    to ``app.blacklisted_tokens``. The JSON response then overwrites both auth
    cookies with empty, already-expired values.
    """
    # NOTE(review): .get() yields None when the claim is absent, so a token
    # without a jti would be recorded as NULL/None -- confirm tokens always carry one.
    token_id = jwt.get_raw_jwt().get("jti")

    # $1 is a bind parameter: the jti is never spliced into the SQL text.
    async with app.db_pool.acquire() as con:
        await con.execute(""" INSERT INTO old_tokens ( token ) VALUES ($1); """, token_id)
    app.blacklisted_tokens.add(token_id)

    payload = json.dumps({"status": 200, "result": True})
    response = Response(payload, headers={"Content-Type": "application/json"})

    # Empty value plus expires=0 asks the browser to drop each cookie.
    # NOTE(review): no path/domain is passed here; browsers only replace a
    # cookie whose path/domain match the one originally set -- confirm against
    # the code that issues these cookies.
    for cookie_name in ("access_token_cookie", "jwt_csrf_token"):
        response.set_cookie(cookie_name, "", expires=0)
    return response
async def post(cls):
    """Revoke the current token by storing its ``jti`` in ``TokenBlacklist``.

    Returns a ``(body, status)`` pair: 200 with the ``LOGGED_OUT`` message on
    success, 500 with the exception text if a ``ConnectionError`` is raised.
    """
    token_id = get_raw_jwt()['jti']
    try:
        # NOTE(review): add() is not awaited; if it is a coroutine function the
        # write never runs and the token stays valid -- confirm it is synchronous.
        entry = TokenBlacklist(jti=token_id)
        entry.add()
    except (ConnectionError) as e:
        # NOTE(review): str(e) is sent to the client and may expose backend
        # connection details; consider logging it and returning a fixed message.
        return {"message": str(e)}, 500
    else:
        return {"message": LOGGED_OUT}, 200
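async def wrapper(*args, **kwargs):
    """Run the wrapped endpoint only for callers whose JWT lists ``group``.

    The request's JWT is verified first, then the groups claim is checked for
    the required ``group``. Callers that fail the group check receive a
    ``(body, 401)`` pair; otherwise the result of ``fn`` is returned.
    """
    # standard quart_jwt_extended token verifications
    # (the function must be ``async def`` for these awaits to be valid syntax)
    await verify_jwt_in_request()

    # custom group membership verification
    # A missing or null claim is treated as "no groups", so the caller is
    # denied explicitly rather than the lookup raising KeyError.
    groups = get_raw_jwt().get(OIDC_GROUPS_CLAIM) or []
    # A single group delivered as a bare string must not be searched with
    # ``in``: on a str that is a substring match and would accept partial names.
    if isinstance(groups, str):
        groups = [groups]
    if group not in groups:
        # 401 is kept for existing clients; 403 is the conventional status for
        # a caller who is authenticated but lacks the required group.
        return (
            {"result": "user not in group required to access this endpoint"},
            401,
        )
    return await fn(*args, **kwargs)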
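async def refresh_expiring_jwts(response):
    """Re-issue the access token on responses when it expires within 30 minutes.

    Args:
        response: The outgoing response object; cookies are set on it in place.

    Returns:
        The same response, with fresh ``access_token_cookie`` and
        ``jwt_csrf_token`` cookies when the current token is close to expiry.
    """
    # Local import: the file's import block is not visible from this block.
    from datetime import timezone

    # Skip the logout route -- presumably so the cookies cleared at logout are
    # not immediately replaced by a newly minted token.
    if str(request.url_rule) == "/api/logout":
        return response

    try:
        exp_timestamp = jwt.get_raw_jwt()["exp"]
        # Use an aware UTC datetime. A naive utcnow() value is interpreted as
        # *local* time by timestamp(), which shifts the refresh window by the
        # server's UTC offset: tokens are then refreshed too eagerly or not
        # refreshed before they expire, depending on the offset's sign.
        now = datetime.now(timezone.utc)
        target_timestamp = datetime.timestamp(now + timedelta(minutes=30))
        if target_timestamp > exp_timestamp:
            access_token = jwt.create_access_token(
                identity=jwt.get_jwt_identity())
            # NOTE(review): no httponly/secure/samesite arguments are passed
            # here. The access-token cookie should not be script-readable,
            # while the CSRF cookie has to be; confirm the attributes match
            # those used where the cookies are first issued at login.
            response.set_cookie("access_token_cookie", access_token)
            response.set_cookie("jwt_csrf_token",
                                jwt.get_csrf_token(access_token))
        return response
    except (RuntimeError, KeyError):
        # Presumably raised when the request carries no usable JWT; the
        # response is passed through unchanged in that case.
        return response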
async def logout2():
    """Revoke the current token by adding its ``jti`` claim to ``blacklist``.

    Returns a ``(body, 200)`` pair confirming the logout.
    """
    claims = get_raw_jwt()
    # NOTE(review): blacklist looks like an in-process collection; if so,
    # revocations are lost on restart and are not shared between workers --
    # confirm how it is backed.
    blacklist.add(claims["jti"])
    body = {"msg": "Successfully logged out"}
    return body, 200
async def logout2():
    """Mark the current refresh token as revoked in ``revoked_store``.

    The token's ``jti`` is stored with the value ``"true"``. Returns a
    ``(body, 200)`` pair confirming the revocation.
    """
    token_id = get_raw_jwt()["jti"]
    # The third argument is REFRESH_EXPIRES scaled by 1.2 -- presumably an
    # expiry for the entry, kept longer than the token's own lifetime so the
    # revocation record outlives the token. Confirm against the store's API.
    retention = REFRESH_EXPIRES * 1.2
    revoked_store.set(token_id, "true", retention)
    return {"msg": "Refresh token revoked"}, 200
async def logout():
    """Mark the current access token as revoked in ``revoked_store``.

    The token's ``jti`` is stored with the value ``"true"``. Returns a
    ``(body, 200)`` pair confirming the revocation.
    """
    token_id = get_raw_jwt()["jti"]
    # The third argument is ACCESS_EXPIRES scaled by 1.2 -- presumably an
    # expiry for the entry, kept longer than the token's own lifetime so the
    # revocation record outlives the token. Confirm against the store's API.
    retention = ACCESS_EXPIRES * 1.2
    revoked_store.set(token_id, "true", retention)
    return {"msg": "Access token revoked"}, 200