Example Python for How to secure an endpoint for selected users with Flask-JWT-Extended-280270

Search

CODE EXAMPLE FOR PYTHON

How to secure an endpoint for selected users with Flask-JWT-Extended

from functools import wraps
from flask_jwt_extended import current_user, jwt_protected

def userid_must_match(f):
    """Abort with a 403 Forbidden if the userid doesn't match the jwt token

    This decorator adds the @protected decorator

    Checks for a `userid` parameter to the function and aborts with 
    status code 403 if this doesn't match the user identified by the
    token.
    
    """

    @wraps(f)
    @jwt_protected
    def wrapper(*args, userid=None, **kwargs):
        if userid is not None and userid != current_user.id:
            abort(403)
        return f(*args, **kwargs)

    return wrapper

PREVIOUS	NEXT

Tagged: #How #secure #endpoint #selected #users

Search

CODE EXAMPLE FOR PYTHON

How to secure an endpoint for selected users with Flask-JWT-Extended

ADD COMMENT