Permissions | Authentication with JWT
Professional Web API with Flask

Permissions

Sometimes we need to differentiate the responsibilities of users on our website. For example, all users may view the list of players, but only registered users can view the list of teams, and only admins can delete, update, or create new instances. In the first and second cases, we simply omit or add the @jwt_required() decorator, respectively. The third case is discussed below.

JWT Claims in Flask

This is done with JWT claims. A JWT can carry additional information, such as a flag is_admin=True. This way, we only need to check the user's permissions once, when we create the JWT, rather than every time the user makes a request.

Adding Special Claims to JWT

To add a special claim to JWT, we define a function similar to the error handling functions we wrote in the previous chapter:

This function is responsible for granting admin status only to the user with id=1. In this course, we will not cover adding this status to the user table in the database and retrieving this information to add it to the JWT.

Restricting Endpoints Beyond @jwt_required()

To add restrictions to endpoints beyond @jwt_required(), we include a check for the admin role:

get_jwt() is also imported from the flask_jwt_extended library.

We now have a function that adds information about the user's status to the JWT, and a check that reads this status inside the endpoint.

1. What is the primary purpose of using JWT claims in Flask applications?
2. How can admin status be granted to a user through JWT in Flask?
3. How do you check for admin privileges in a Flask endpoint using JWT?
4. How do you restrict access to an endpoint to only registered users in Flask?
Section 5. Chapter 6