Authenticating a Flask API Using JSON Web Tokens 

Join my free course on the basics of Flask-SQLAlchemy: prettyprinted.com/flasksql

Thanks for watching! Join the hundreds of others who have taken my Flask courses on prettyprinted.com

This is by far the most underrated jsonify pronunciation. Great video by the way. Thanks.

Neat explanation. Everything straight to the point. Thanks a ton for sharing such quality tutorials! This helped me a lot in understanding jwt

Always use 401 for unauthenticated routes. 403 is forbidden logic, for example forbidden directory listing etc. Not related to authentication.

Terrific! This is super useful. 3 years later, thank you

Best video on authentication. Extremely well explained.

ANOTHER LIFE SAVER...... More blessing to you..................

Thx for this video, i have learned several JWT video tutorial on youtube. Your video is most clear i ever seen these days. Very helpful thx

Perfect! That is exactly what I need! Thank you for this simple, fast and easy solution!

Thanks for sharing this. It has been a huge help towards understanding JWT in Python

Still your great and step-by-step approach style. Very appreciated!

i am getting invalid token despite of copying the token...help will be appreciated

So excited, to watch this! I also 100% sure you will deliver another awesome tutorial :D

Thank you, This helped me a lot.

Very good tutorial. Useful stuff!

cool, how about for refresh token. that happen when we try to keep user remain login inside

nice video. wanted to add that when i tried to authenticate the token using a header, I got back invalid token because I didnt specify the decode algorithm

The best simple example. thanks

The jwt decode always throws an exception to token is invalid. It's passing the correct token, checked with a print, but it doesn't seem to like it. *UPDATE* you now have to pass the algorithm to decode the jwt token with as a list

Thank you thank you thank you a million times ! your efforts are very much appreciated

It was really helpful, thank you

Great introduction. Made a somewhat intimidating topic seem straightforward

Really clear, very informative, thanks a lot

Excelente tutorial, this is useful for someone starting with this. Thanks

Thankyou for this wonderful video... Now am able to know how to create token and storing them...Can you please provide the video on requesting using that token from that moment on.

2019, I found this video is useful. good contents.

Many thanks, Anthony! Brain storage was improved :)

Thanks Anthony for your excellent work. Can you complete this video with the implementation of refresh token? That would be very great!

Thanks a lot! This is exactly what I was looking for. You saved me tons of time. Thanks again. :)

Thank you very much this video helped me a lot

very helpful tutorial. Thank you.

Thank you, very helpful !!!!!!!!!!!!!!!!!

Hi i dont know why but the auth =request.authorization is not working for me. I am not getting the notification to fill in the username/password. I am getting the could not verify response. do i have to install any library other than the ones mentioned in the video or change any settings

another beautiful video, thanks for sharing my friend, subscribed!!

Thanks to explain

any guess with : RuntimeError: Working outside of request context. This typically means that you attempted to use functionality that needed an active HTTP request. Consult the documentation on testing for information about how to avoid this problem.

Awesome Awesome Awesome Awesome Awesome Awesome Awesome tutorial.

Огромное спасибо Ваше видео очень помогло мне в работе) Thank you very much!!!

Thanks for this video. It's very helpful for me.

thank you sir!

Great tutorial. Thanks!

Thanks mate

How was the `prompt screen` possible? Did you use HTML for the Login form?

great video thanks!

Hi Anthony Get the code here not found

Nice man.. your doing great job.. its possible to make video on Keycloak with flask or django.. looking forward to hear from you

This is nice! Great video!

Can you make video on individual authentication for user and admin, where user authorized can use only [GET] method, while admin authorized can use [crud] methods.

Hi, very helpful video. Please can you put the link to the video that follows this one in this flask api cours ?

I encountered problems while running, it always says no module name jwt so I did steps below: make sure to upgrade flask to the last version with : pip3 install flask uninstall jwt with: pip3 uninstall jwt install pyjwt with: pip3 install pyjwt

Thanks for sharing such a great video, can you also help me with the logout?

hey if you see this...can make a video about how you can link this up with vanilla javascript? thank you

hi when with the valid token obtained from login page still I get the message as token is missing.. can someone please help me with this

thank you so much

Great video!

you're the best !

Thank you for putting amazing tutorials together. I was wondering if you could make a video on Flask or Flask_restplus uses Oauth2? Thank you.

but how automatically pass this token in all request ? Is that THE question !!!

why pop up window for login is not opening. Can any one please tell me that. Any html template needed for that?

Can anyone provide a link for a next video please?

Hello, I would like to thank you for the videos you make are very beneficial for me. I wanted to ask you if you could create user roles using token_required. In this video, you used the feature only to reveal content for the logged-in user. Couldn't the functionality be extended to user roles? For example, Admin would have read, write, user read only, or other read only for some content. I want to create user roles. Thank you

Thanks for a great tutorial! However, the link to the code seems to be broken, might want to fix it.

Really liked the explanation !!!. Still, it directly not verified and does not display any prompt to enter username and password. Anyone know why?

I am not sure about what is the different about flask-jwt-extend and flask-login? Which is better?

If i am making a website that uses this api but i want users to surf the website but not that api then what should i do ? 😩

Hi very clean explanation of the code but I'm unable to get output due to this line try: data = jwt.decode(token, app.config['SECRET_KEY']) any resolution for this please...

how can i validate the different type of user like admin can view everything but user must restricted to see something? and also how to write security code for form data ?

Hi , I have created database using sqlite, how do i access the data here for credentials

hi nice tutorial by the way how would i log out and how can i send login credentials from my front end

very nice video. After hiting the login url for the first time it asks for username and password but after that it does not ask for it and directly gives the token. can u help me how it should ask for user-id and password everytime login API is hit..

Get the code link doesn't work

After hitting login api for first time it asks for username and password. But after that it does not ask and direct given new token . Can u help me how it should ask userid and password every time login api is hit.

how to pass token directly to another api?

Very nice.

how can get refresh token in this case?

how to use it own my website rather than local host ?

where the data variable is used?

this video belongs to which play list ? coz i want cover the whole topic ? plz suggest #PrettyPrinted

Hey bro! But where is the code from this video? "Get the code here" page give me 404 error

Great explanation sir but title is misguiding because you have not used any API

Can you add LOGOUT route? For cleaning the Token

request.authorization does not show a pop up authentication on my web browser pls help!

how to verify token from firebase?

Someone could share link the next video? Thanks

THANKS

while trying to implement this i got TypeError: 'module' object is not callable Traceback (most recent call last) File "/home/lb/Documents/trie/venv/lib/python3.8/site-packages/flask/app.py", line 2464, in __call__ return self.wsgi_app(environ, start_response) File "/home/lb/Documents/trie/venv/lib/python3.8/site-packages/flask/app.py", line 2450, in wsgi_app response = self.handle_exception(e) File "/home/lb/Documents/trie/venv/lib/python3.8/site-packages/flask/app.py", line 1867, in handle_exception reraise(exc_type, exc_value, tb) File "/home/lb/Documents/trie/venv/lib/python3.8/site-packages/flask/_compat.py", line 39, in reraise raise value File "/home/lb/Documents/trie/venv/lib/python3.8/site-packages/flask/app.py", line 2447, in wsgi_app response = self.full_dispatch_request() File "/home/lb/Documents/trie/venv/lib/python3.8/site-packages/flask/app.py", line 1952, in full_dispatch_request rv = self.handle_user_exception(e) File "/home/lb/Documents/trie/venv/lib/python3.8/site-packages/flask/app.py", line 1821, in handle_user_exception reraise(exc_type, exc_value, tb) File "/home/lb/Documents/trie/venv/lib/python3.8/site-packages/flask/_compat.py", line 39, in reraise raise value File "/home/lb/Documents/trie/venv/lib/python3.8/site-packages/flask/app.py", line 1950, in full_dispatch_request rv = self.dispatch_request() File "/home/lb/Documents/trie/venv/lib/python3.8/site-packages/flask/app.py", line 1936, in dispatch_request return self.view_functions[rule.endpoint](**req.view_args) File "/home/lb/Documents/trie/application/admin/routes/auth.py", line 20, in unprotected token = jwt({'user': auth.username, 'exp': datetime.datetime.utcnow() + datetime.timedelta(minutes=30)}, app.secret_key) TypeError: 'module' object is not callable

Awesome

is that request being restful request by the secret key now?

Great Tutorial! Works on the browser and postman.. but when I try Python3 requests, I get 401 back.. wireshark captures look similar.. anyways do we need to consider some encoding when we use Python3 clients?

Hello , how do you get the pop up to sign in? Great video btw!

I am getting this error return jsonify({'token' : token.decode('UTF-8')}) AttributeError: 'str' object has no attribute 'decode'

Can you please help me, that how should I go to the protected view without copy pasting the token manually and only using the python code.

What is the difference between doing this, and using the flask session object?

Thank you very much for the great video, Very well explained. Although I have stumbled at 17:49, Even though I have added the token in the URL, I got a "token is invalid" json response, Please help, I have gone through and copied your code as it is, But not sure where I went wrong.

How the the token is saved?

I am new to python and its Very helpful. Can you let me know how to pass a parameter to 'protected' function along with token?

Hi, i've got problem with request.authentication cause it's NoneType object. How should I fix it?

Share the code for us

is it flask-jwt installed?? becuz it says no library exists when i try to install jwt...