Problem:
I am building a Flask backend with Flask-RESTful, Flask-JWT-Extended and PostgreSQL. When testing JWT token expiration via Postman, expired tokens consistently result in a 500 Internal Server Error instead of a 401 Unauthorized response. Currently an expired token leads to this error:
{"message": "Internal Server Error"}
Server log traceback: jwt.exceptions.ExpiredSignatureError: Signature has expired
Flask app initialization (__init__.py)
from flask import Flask, jsonify
from flask_jwt_extended import JWTManager
from flask_restful import Api
from flask_cors import CORS
from flask_sqlalchemy import SQLAlchemy
from flask_migrate import Migrate
import os
from dotenv import load_dotenv

load_dotenv()

app = Flask(__name__)
CORS(app, supports_credentials=True)
app.config['SQLALCHEMY_DATABASE_URI'] = os.getenv('DATABASE_URL')
# Falls back to a hard-coded secret when JWT_SECRET_KEY is not set in the environment
app.config['JWT_SECRET_KEY'] = os.getenv('JWT_SECRET_KEY', 'temporary_secret')

jwt = JWTManager(app)
db = SQLAlchemy(app)
api = Api(app)
migrate = Migrate(app, db)

# JWT error handlers
@jwt.expired_token_loader
def expired_token_callback(jwt_header, jwt_payload):
    return jsonify({"message": "Token has expired"}), 401

@jwt.invalid_token_loader
def invalid_token_callback(error):
    return jsonify({"message": "Invalid token"}), 401

@jwt.unauthorized_loader
def unauthorized_callback(error):
    return jsonify({"message": "Missing or invalid Authorization header"}), 401

if __name__ == "__main__":
    # Development server with the debugger enabled, listening on all interfaces
    app.run(host="0.0.0.0", port=5000, debug=True)

Auth resource (auth_resource.py)
from flask_restful import Resource, reqparse
from flask_jwt_extended import (
    create_access_token, create_refresh_token, jwt_required, get_jwt_identity
)
from werkzeug.security import check_password_hash
from datetime import timedelta
from app.models import User

parser = reqparse.RequestParser()
parser.add_argument('username', required=True)
parser.add_argument('password', required=True)

class LoginResource(Resource):
    def post(self):
        data = parser.parse_args()
        user = User.query.filter_by(username=data['username']).first()
        if user and check_password_hash(user.password_hash, data['password']):
            # Short lifetimes so that expiry can be tested quickly
            access_token = create_access_token(identity=user.id, expires_delta=timedelta(seconds=30))
            refresh_token = create_refresh_token(identity=user.id, expires_delta=timedelta(minutes=2))
            return {'access_token': access_token, 'refresh_token': refresh_token}, 200
        return {'msg': 'Invalid credentials'}, 401

class ProtectedResource(Resource):
    @jwt_required()
    def get(self):
        identity = get_jwt_identity()
        return {'logged_in_as': identity}, 200

Test approach & results (Postman)
Login works (200 OK), tokens returned. Again.
ERROR in app: Exception on /api/protected [GET]
Traceback (most recent call last):
  File "/usr/local/lib/python3.11/site-packages/flask/app.py", line 917, in full_dispatch_request
    rv = self.dispatch_request()
  File "/usr/local/lib/python3.11/site-packages/flask/app.py", line 902, in dispatch_request
    return self.ensure_sync(self.view_functions[rule.endpoint])(**view_args)
  File "/usr/local/lib/python3.11/site-packages/flask_restful/__init__.py", line 604, in dispatch_request
    resp = meth(*args, **kwargs)
  File "/usr/local/lib/python3.11/site-packages/flask_jwt_extended/view_decorators.py", line 167, in decorator
    verify_jwt_in_request(
  File "/usr/local/lib/python3.11/site-packages/flask_jwt_extended/utils.py", line 128, in decode_token
    return jwt_manager._decode_jwt_from_config(encoded_token, csrf_value, allow_expired)
  File "/usr/local/lib/python3.11/site-packages/jwt/api_jwt.py", line 363, in _validate_exp
    raise ExpiredSignatureError("Signature has expired")
jwt.exceptions.ExpiredSignatureError: Signature has expired

What I have tried without success:
Implemented global JWT error handlers (expired_token_loader). Globally). Flask_jwt_extended with Flask_restful, preventing global handlers from being triggered? Latest
Flask-JWT-Extended: latest
Flask-RESTful: latest
PostgreSQL database (Dockerized)
Docker Compose setup for backend, frontend and database