Flask-JWT-Extended

Features

Flask-JWT-Extended not only adds support for using JSON Web Tokens (JWT) to Flask for protecting routes, but also many helpful (and optional) features built in to make working with JSON Web Tokens easier. These include:

• Adding custom claims to JSON Web Tokens
• Automatic user loading (current_user).
• Custom claims validation on received tokens
• Refresh tokens
• First class support for fresh tokens for making sensitive changes.
• Token revoking/blocklisting
• Storing tokens in cookies and CSRF protection

Usage

View the documentation online

Upgrading from 3.x.x to 4.0.0

View the changes

Changelog

You can view the changelog here. This project follows semantic versioning.

Chatting

Come chat with the community or ask questions at https://discord.gg/EJBsbFd

Contributing

Before making any changes, make sure to install the development requirements and setup the git hooks which will automatically lint and format your changes.

pip install -r requirements.txt
pre-commit install

We require 100% code coverage in our unit tests. You can run the tests locally with tox which ensures that all tests pass, tests provide complete code coverage, documentation builds, and style guide are adhered to

tox

A subset of checks can also be ran by adding an argument to tox. The available arguments are:

• py37, py38, py39, py310, py311, py312, pypy3
  • Run unit tests on the given python version
• mypy
  • Run mypy type checking
• coverage
  • Run a code coverage check
• docs
  • Ensure documentation builds and there are no broken links
• style
  • Ensure style guide is adhered to

tox -e py38

We also require features to be well documented. You can generate a local copy of the documentation by going to the docs directory and running:

make clean && make html && open _build/html/index.html