notes.txt
Todo list:
1. User registration
2. Existing user can obtain a JWT by providing their email and password
3. JWT contains the following claims:
{
"token_issue_at": DateTime,
"token_expires_at": DateTime,
"user_public_id": Integer,
"is_admin": Boolean
}
4. JWT is sent in the access_token field of the HTTP response after successful authentication with email/password
5. JWT must expire in 1 hour (for production)
6. JWT is sent by the client in the Authorization field of the request header
7. Requests must be rejected if JWT has been modified
8. Requests must be rejected if JWT is expired
9. If user is logged out, their JWT is immediately expired/invalid
10. If JWT is expired, user must re-authenticate with email/password to obtain a new JWT
Parts of a JWT:
- header
- payload
  * time when token issued (iat)
  * time when token expires (exp)
  * user details (public_id) (sub) (registered_claims)
  * is_admin (admin) (private_claims)
- signature
encoded(header).encoded(payload).encoded(signature)
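
Added example (not code from this repository): a standard-library sketch of items 3, 5, 7, 8 and 9, issuing an HS256 token with the iat/exp/sub/admin claims and rejecting modified, expired and logged-out tokens. The secret, the function names and the in-memory REVOKED set are assumptions made for illustration.

```python
import base64, hashlib, hmac, json, time

SECRET = b"constructed-demo-key"  # assumption: HS256 shared secret, loaded from config in a real app
TTL_SECONDS = 3600                # item 5: token lives for one hour
REVOKED = set()                   # item 9: assumption, in-memory denylist of logged-out tokens

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def sign(signing_input: str) -> str:
    return b64url(hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest())

def issue_token(public_id, is_admin, now=None):
    now = int(time.time() if now is None else now)
    header = {"alg": "HS256", "typ": "JWT"}
    payload = {"iat": now, "exp": now + TTL_SECONDS, "sub": public_id, "admin": is_admin}
    parts = [b64url(json.dumps(p, separators=(",", ":")).encode()) for p in (header, payload)]
    signing_input = ".".join(parts)
    return signing_input + "." + sign(signing_input)  # encoded(header).encoded(payload).encoded(signature)

def logout(token):
    REVOKED.add(token)

def verify_token(token, now=None):
    """Return the claims, or raise ValueError naming the rejection reason."""
    now = int(time.time() if now is None else now)
    try:
        head_b64, body_b64, sig = token.split(".")
    except ValueError:
        raise ValueError("malformed") from None
    # The signature is always recomputed as HS256; the header's alg field is never trusted.
    if not hmac.compare_digest(sign(head_b64 + "." + body_b64).encode(), sig.encode()):
        raise ValueError("modified")   # item 7
    if token in REVOKED:
        raise ValueError("revoked")    # item 9
    pad = "=" * (-len(body_b64) % 4)
    claims = json.loads(base64.urlsafe_b64decode(body_b64 + pad))
    if now >= claims["exp"]:
        raise ValueError("expired")    # item 8
    return claims
```

Claims are parsed only after the signature check passes, so unauthenticated input never reaches the JSON decoder. Denylist entries can be discarded once their exp has passed.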
===========================================================
Flask migration:
The Flask-Migrate extension adds a new set of commands to
the Flask CLI, grouped under flask db. To migrate the
database, we need to run the following commands:
# To initialize migrations
flask db init
# To generate the migration script
flask db migrate --message <message>
# To execute the migration script
flask db upgrade