pallets-eco / flask-security-3.0

Quick and simple security for Flask applications
MIT License
1.63k stars 512 forks

Customizable login() view to allow attaching JWT token #765

Open rivasd opened 6 years ago

rivasd commented 6 years ago

Hi!

I am trying to use flask-jwt-extended in conjunction with your awesome Flask-Security, which in my opinion takes a lot of the boilerplate away from standard authentication.

However, use cases for both Flask-Login and Flask-jwt-extended depend on us writing our own login() view to allow users to log in given a username+password, giving them back a JWT string. I can see Flask-Security ships with a nice implementation of such a view that even takes into account whether it is called by AJAX or not. But it currently suffers from 2 things:

I assume this would be possible using Flask-Login's user-logged-in signal, in conjunction with Flask.after_this_request and the flask.request global to, for example, attach an Authorization: Bearer header, but this seems very contrived. Additionally, if the response is a JSON string, there is no officially documented way to my knowledge to alter the contents of a response object in Flask.

jwag956 commented 5 years ago

So in your User model which presumably is based on the UserMixin - you can override:

get_auth_token() and get_security_payload() which should be pretty close to what you need?
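An added illustration of the override suggested above, not code from Flask-Security, flask-jwt-extended or anyone in this thread. `User` is a stand-in for a model based on `UserMixin`, the HS256 token is built with the standard library so the block runs offline, and `SECRET`, `TTL`, `encode_jwt` and `decode_jwt` are hypothetical names; in an app that uses flask-jwt-extended, `get_auth_token()` would call its `create_access_token()` instead.

```python
import base64, hashlib, hmac, json, time

SECRET = b"constructed-demo-key"  # constructed value; load from app config in practice
TTL = 900                         # assumed access-token lifetime in seconds

def b64e(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def b64d(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(signing_input):
    return hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest()

def encode_jwt(claims):
    head = b64e(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64e(json.dumps(claims).encode())
    return f"{head}.{body}.{b64e(sign(head + '.' + body))}"

def decode_jwt(token, now=None):
    """Return the claims, or raise ValueError on any verification failure."""
    try:
        head, body, sig = token.split(".")
        header = json.loads(b64d(head))
        good = hmac.compare_digest(sign(f"{head}.{body}"), b64d(sig))
    except (ValueError, TypeError) as exc:
        raise ValueError("malformed token") from exc
    # Pin the algorithm: never let the token's own header choose how it is checked.
    if not isinstance(header, dict) or header.get("alg") != "HS256" or not good:
        raise ValueError("bad signature or algorithm")
    claims = json.loads(b64d(body))  # parsed only after the signature checks out
    if claims.get("exp", 0) <= (time.time() if now is None else now):
        raise ValueError("token expired")
    return claims

class User:  # stand-in for a model based on Flask-Security's UserMixin
    def __init__(self, id, email):
        self.id, self.email = id, email

    def get_auth_token(self):
        # Overridden to hand back a short-lived JWT as the authentication token.
        now = int(time.time())
        return encode_jwt({"sub": str(self.id), "iat": now, "exp": now + TTL})

    def get_security_payload(self):
        # Sent to the client as-is, so keep it to non-sensitive fields.
        return {"id": str(self.id), "email": self.email}
```

Flask-Security's built-in token authentication validates tokens with its own serializer, so routes that accept this JWT need a JWT check such as `decode_jwt` or flask-jwt-extended's decorators.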

jminardi commented 4 years ago

@rivasd Would you be able to share any progress you have made with integrating flask-jwt-extended with flask-security?