Python Daily
Daily Python News
Question, Tips and Tricks, Best Practices on Python Programming Language
A new Flask library to help make authenticating users super easy! Login users with ease :)

I'm releasing v0.1.0 this weekend of a Flask library that helps to make logging in users super easy!

If you want to develop Flask apps fast & not spend all your time solving authorisation of all your resources / requests, then maybe this library can be useful for you.

Works out of the box with Flask-SQLAlchemy, so after you set up a user model with Flask-JWT-Router you no longer have to worry about handling any authenticating of that user or authorising routes associated with that user's allowed resource access...

[https://github.com/joegasewicz/flask-jwt-router](https://github.com/joegasewicz/flask-jwt-router)

Could be useful for SPAs like AngularJS & ReactJS

Thank you very much for your time,

Joe

#Python #ReactJS #Flask #SQLAlchemy #JWT

/r/flask
https://redd.it/ewy5sm
Can someone help me understand CSRF security? (context inside)

I am using dj-rest-auth for authentication. I am using JWT token authentication. All advice on JWT tokens is to not store them in local storage. Instead, using this package I store them in an HttpOnly cookie. Now, I am apparently vulnerable to a CSRF attack. So I enable JWT_AUTH_COOKIE_USE_CSRF. This checks the CSRF token on authenticated requests. However, there is still the potential vulnerability known as "login CSRF" as detailed by this issue on GitHub. In order to account for this, there is another setting called JWT_AUTH_COOKIE_ENFORCE_CSRF_ON_UNAUTHENTICATED. This enforces CSRF on unauthenticated views (such as login).

This is where my issue comes in. As far as I understand, Django normally serves the csrftoken cookie automatically alongside whichever template it is rendering. However, I am using a React frontend completely decoupled from the Django server. Therefore I do not know how I am supposed to retrieve the CSRF cookie to be included in unauthenticated requests such as the login request.

Please let me know if I am misunderstanding anything and if you have any advice.

/r/django
https://redd.it/16ouir1