The jwt decode always throws an exception to token is invalid. It's passing the correct token, checked with a print, but it doesn't seem to like it. *UPDATE* you now have to pass the algorithm to decode the jwt token with as a list
Hi i dont know why but the auth =request.authorization is not working for me. I am not getting the notification to fill in the username/password. I am getting the could not verify response. do i have to install any library other than the ones mentioned in the video or change any settings
Thankyou for this wonderful video... Now am able to know how to create token and storing them...Can you please provide the video on requesting using that token from that moment on.
any guess with : RuntimeError: Working outside of request context. This typically means that you attempted to use functionality that needed an active HTTP request. Consult the documentation on testing for information about how to avoid this problem.
Thank you very much for the great video, Very well explained. Although I have stumbled at 17:49, Even though I have added the token in the URL, I got a "token is invalid" json response, Please help, I have gone through and copied your code as it is, But not sure where I went wrong.
nice video. wanted to add that when i tried to authenticate the token using a header, I got back invalid token because I didnt specify the decode algorithm
Hello, I would like to thank you for the videos you make are very beneficial for me. I wanted to ask you if you could create user roles using token_required. In this video, you used the feature only to reveal content for the logged-in user. Couldn't the functionality be extended to user roles? For example, Admin would have read, write, user read only, or other read only for some content. I want to create user roles. Thank you
Can you make video on individual authentication for user and admin, where user authorized can use only [GET] method, while admin authorized can use [crud] methods.
Hi very clean explanation of the code but I'm unable to get output due to this line try: data = jwt.decode(token, app.config['SECRET_KEY']) any resolution for this please...
this is the section of code that generates the pop box to sign in. maybe try using chrome incognito window. as the standard chrome caching introduces confounding behaviour. def login(): print("def login()") auth = request.authorization print("auth:", auth)
Great Tutorial! Works on the browser and postman.. but when I try Python3 requests, I get 401 back.. wireshark captures look similar.. anyways do we need to consider some encoding when we use Python3 clients?
very nice video. After hiting the login url for the first time it asks for username and password but after that it does not ask for it and directly gives the token. can u help me how it should ask for user-id and password everytime login API is hit..
I encountered problems while running, it always says no module name jwt so I did steps below: make sure to upgrade flask to the last version with : pip3 install flask uninstall jwt with: pip3 uninstall jwt install pyjwt with: pip3 install pyjwt
thanks for the like! Our teacher is sending his students on your tutorial (see: jberger.org/ on the twitter feed). Best luck with the premium courses and the tutoring.
Just in the first case the clients does manage the request token to access the server, and in the other case the server allows a client based on a Cookie session, which one is better? Scalability seems to be in troubles when the server is the one who manage the permissions 'cause it has to maintain a state, but when is it a good idea to use, I mean the flask session object ¿
After hitting login api for first time it asks for username and password. But after that it does not ask and direct given new token . Can u help me how it should ask userid and password every time login api is hit.
how can i validate the different type of user like admin can view everything but user must restricted to see something? and also how to write security code for form data ?
never mind. I got it working. I actually had an input parameter to the function and passing token along with input parameter was not working. But the issue was I was not calling it properly. Its working now. Thanks!
Yes, I'm going to cover that in the next video with a realistic example. I wanted to keep things as simple as possible in this one to only explain the concepts.
Flask doesn't force you to do anything, so if you enjoy the extra freedom and know exactly what you want to do, Flask is great. If you are building an app where you are using a lot of standard features and you don't mind Django's approach, you can try out Django.
Read the error message. Its telling you token is already a string type. In his example, on an older version of jwt it returned a byte type. Which is why the decode was needed for his example. return jsonify({'token': token})
Join my free course on the basics of Flask-SQLAlchemy: prettyprinted.com/flasksql
This is by far the most underrated jsonify pronunciation. Great video by the way. Thanks.
Terrific! This is super useful. 3 years later, thank you
Neat explanation. Everything straight to the point. Thanks a ton for sharing such quality tutorials! This helped me a lot in understanding jwt
I'm glad I could help.
Best video on authentication. Extremely well explained.
Thx for this video, i have learned several JWT video tutorial on youtube. Your video is most clear i ever seen these days. Very helpful thx
ANOTHER LIFE SAVER......
More blessing to you..................
Perfect! That is exactly what I need! Thank you for this simple, fast and easy solution!
Glad it helped!
Thanks for sharing this. It has been a huge help towards understanding JWT in Python
You're welcome! Thanks for watching.
Always use 401 for unauthenticated routes. 403 is forbidden logic, for example forbidden directory listing etc. Not related to authentication.
Thanks!
I should have looked those up before recording the video. I always get them confused.
Still your great and step-by-step approach style. Very appreciated!
I'm glad you enjoyed it!
So excited, to watch this! I also 100% sure you will deliver another awesome tutorial :D
I try my best!
Thank you thank you thank you a million times ! your efforts are very much appreciated
You're welcome! And I appreciate you for taking the time to watch.
The best simple example. thanks
Very good tutorial. Useful stuff!
Great introduction. Made a somewhat intimidating topic seem straightforward
Glad the video helped! Thanks for watching.
Thank you, This helped me a lot.
Excelente tutorial, this is useful for someone starting with this. Thanks
2019, I found this video is useful. good contents.
I'm glad you like. Thanks for watching!
Thanks a lot! This is exactly what I was looking for. You saved me tons of time. Thanks again. :)
Really clear, very informative, thanks a lot
You're welcome! Thanks for watching.
Many thanks, Anthony! Brain storage was improved :)
You're welcome! Thanks for watching.
cool, how about for refresh token. that happen when we try to keep user remain login inside
It was really helpful, thank you
Thank you very much this video helped me a lot
very helpful tutorial. Thank you.
i am getting invalid token despite of copying the token...help will be appreciated
The jwt decode always throws an exception to token is invalid. It's passing the correct token, checked with a print, but it doesn't seem to like it.
*UPDATE*
you now have to pass the algorithm to decode the jwt token with as a list
thank you very much, had the same error and your comment saved me a lot of time :)
Thanks! man
data = jwt.decode(token, app.config['SECRET_KEY'], algorithms= ['HS512', 'HS256'])
another beautiful video, thanks for sharing my friend, subscribed!!
Thanks to explain
Thanks for this video. It's very helpful for me.
You're welcome! Thanks for watching.
Огромное спасибо
Ваше видео очень помогло мне в работе)
Thank you very much!!!
How was the `prompt screen` possible? Did you use HTML for the Login form?
Hi Anthony Get the code here not found
Thank you, very helpful !!!!!!!!!!!!!!!!!
You're welcome! Thanks for watching.
Great tutorial. Thanks!
Thanks, I appreciate it!
thank you sir!
Hi i dont know why but the auth =request.authorization is not working for me. I am not getting the notification to fill in the username/password. I am getting the could not verify response. do i have to install any library other than the ones mentioned in the video or change any settings
Thanks Anthony for your excellent work.
Can you complete this video with the implementation of refresh token?
That would be very great!
Awesome Awesome Awesome Awesome Awesome Awesome Awesome tutorial.
Thankyou for this wonderful video... Now am able to know how to create token and storing them...Can you please provide the video on requesting using that token from that moment on.
Hi, very helpful video. Please can you put the link to the video that follows this one in this flask api cours ?
any guess with : RuntimeError: Working outside of request context.
This typically means that you attempted to use functionality that needed
an active HTTP request. Consult the documentation on testing for
information about how to avoid this problem.
Did you manage to solve this?
when returning decorated make sure its return decorated, not return decorated()
great video thanks!
This is nice! Great video!
Thanks for watching!
Thanks mate
Thanks for sharing such a great video,
can you also help me with the logout?
thank you so much
Thank you very much for the great video, Very well explained. Although I have stumbled at 17:49, Even though I have added the token in the URL, I got a "token is invalid" json response,
Please help, I have gone through and copied your code as it is, But not sure where I went wrong.
Try to specify the algorithm on the decode function of JWT.
ı have the same problem. Did you be able to solve it?
nice video. wanted to add that when i tried to authenticate the token using a header, I got back invalid token because I didnt specify the decode algorithm
Can you add LOGOUT route? For cleaning the Token
Get the code link doesn't work
hey if you see this...can make a video about how you can link this up with vanilla javascript? thank you
Great video!
Thanks for watching!
Nice man.. your doing great job.. its possible to make video on Keycloak with flask or django.. looking forward to hear from you
Thank you for putting amazing tutorials together. I was wondering if you could make a video on Flask or Flask_restplus uses Oauth2? Thank you.
I'll consider that. Thanks for the idea and for watching.
Hello, I would like to thank you for the videos you make are very beneficial for me. I wanted to ask you if you could create user roles using token_required. In this video, you used the feature only to reveal content for the logged-in user. Couldn't the functionality be extended to user roles? For example, Admin would have read, write, user read only, or other read only for some content. I want to create user roles. Thank you
Can you make video on individual authentication for user and admin, where user authorized can use only [GET] method, while admin authorized can use [crud] methods.
is that request being restful request by the secret key now?
hi nice tutorial by the way how would i log out and how can i send login credentials from my front end
Can anyone provide a link for a next video please?
you're the best !
but how automatically pass this token in all request ? Is that THE question !!!
If i am making a website that uses this api but i want users to surf the website but not that api then what should i do ? 😩
where the data variable is used?
Thanks for a great tutorial!
However, the link to the code seems to be broken, might want to fix it.
Hey bro! But where is the code from this video? "Get the code here" page give me 404 error
Hi very clean explanation of the code but I'm unable to get output due to this line
try:
data = jwt.decode(token, app.config['SECRET_KEY'])
any resolution for this please...
how can get refresh token in this case?
Hello , how do you get the pop up to sign in? Great video btw!
this is the section of code that generates the pop box to sign in.
maybe try using chrome incognito window. as the standard chrome caching introduces confounding behaviour.
def login():
print("def login()")
auth = request.authorization
print("auth:", auth)
Great Tutorial! Works on the browser and postman.. but when I try Python3 requests, I get 401 back.. wireshark captures look similar.. anyways do we need to consider some encoding when we use Python3 clients?
You may have to. I'll have to test this out with calling from Python.
I am not sure about what is the different about flask-jwt-extend and flask-login? Which is better?
very nice video. After hiting the login url for the first time it asks for username and password but after that it does not ask for it and directly gives the token. can u help me how it should ask for user-id and password everytime login API is hit..
Hi , I have created database using sqlite, how do i access the data here for credentials
I encountered problems while running, it always says no module name jwt so I did steps below:
make sure to upgrade flask to the last version with :
pip3 install flask
uninstall jwt with:
pip3 uninstall jwt
install pyjwt with:
pip3 install pyjwt
thanks for the like! Our teacher is sending his students on your tutorial (see: jberger.org/ on the twitter feed). Best luck with the premium courses and the tutoring.
how to use it own my website rather than local host ?
hi when with the valid token obtained from login page still I get the message as token is missing.. can someone please help me with this
Very nice.
Thanks for watching!
what do say at @9:50 ? the token its generated in....?¿
The token is generated in bytes. I decode to a string so I can use it as a string.
THANKS
You're welcome! Thanks for watching.
how to pass token directly to another api?
Someone could share link the next video? Thanks
Really liked the explanation !!!. Still, it directly not verified and does not display any prompt to enter username and password. Anyone know why?
why pop up window for login is not opening. Can any one please tell me that. Any html template needed for that?
Awesome
What is the difference between doing this, and using the flask session object?
Just in the first case the clients does manage the request token to access the server, and in the other case the server allows a client based on a Cookie session, which one is better? Scalability seems to be in troubles when the server is the one who manage the permissions 'cause it has to maintain a state, but when is it a good idea to use, I mean the flask session object ¿
request.authorization does not show a pop up authentication on my web browser pls help!
After hitting login api for first time it asks for username and password. But after that it does not ask and direct given new token . Can u help me how it should ask userid and password every time login api is hit.
How the the token is saved?
how can i validate the different type of user like admin can view everything but user must restricted to see something? and also how to write security code for form data ?
I am new to python and its Very helpful. Can you let me know how to pass a parameter to 'protected' function along with token?
Could you be more specific? What are you trying to accomplish?
never mind. I got it working. I actually had an input parameter to the function and passing token along with input parameter was not working. But the issue was I was not calling it properly. Its working now. Thanks!
is it flask-jwt installed?? becuz it says no library exists when i try to install jwt...
the package is called pyjwt, so you do: pip install pyjwt
Can you please help me, that how should I go to the protected view without copy pasting the token manually and only using the python code.
You can use the library requests and authenticate that way.
Hi , I am trying to login in the first login function, but it is again showing the login popup, even after credentials. Please help
Even if you use the code I've linked to in the description?
Its done...found a different approach.
@@SwapnilSudhir47 I have got the same issue. Can you please tell me how did you solve it? Thanks
@@ayah5896 I might have forgotten what i was doing, but can you please check in the console network, what issue is there, I can help :-)
Hi, i've got problem with request.authentication cause it's NoneType object. How should I fix it?
it's request.authorization, but you probably figured that out by now.
would be better to put token on header and not in url ?
Yes, I'm going to cover that in the next video with a realistic example. I wanted to keep things as simple as possible in this one to only explain the concepts.
ok perfect i'm learning flask too what is your opinion on flask compare with django ?
Flask doesn't force you to do anything, so if you enjoy the extra freedom and know exactly what you want to do, Flask is great.
If you are building an app where you are using a lot of standard features and you don't mind Django's approach, you can try out Django.
I am getting this error
return jsonify({'token' : token.decode('UTF-8')})
AttributeError: 'str' object has no attribute 'decode'
Read the error message.
Its telling you token is already a string type. In his example, on an older version of jwt it returned a byte type. Which is why the decode was needed for his example.
return jsonify({'token': token})
how to destroy jwt token on logout?
Great tutorial, can you please give me the syntax theme
Thanks. I just use the default one in Sublime Text 3.
request.authorization is giving None? Help
Did You fixed it? I've the same problem :/