Tehnologii Web/2022-2023/Laborator 10

Flask JWT Authentication
In this lesson, we will look at an authentication method for Flask applications based on JSON Web Tokens (JWT).

We will go step by step through this process.

Installing packages
In this chapter, we will specify and install all the packages the project requires. We will build token-based authentication for a REST API project.

We will use the following libraries:


 * Flask,
 * pyjwt,
 * flask-sqlalchemy,
 * datetime,
 * uuid

In general, it is useful to list the names and versions of all installed packages in a text file called requirements.txt. This also makes it easier to deploy the application on a platform such as Heroku.

For example, to install all the libraries automatically, the line in the terminal will be:   Alternatively, to install the libraries one by one, the command will be:  and others.

Start of the implementation
In the app.py file we import the libraries: Note the os library, whose role here is to obtain the absolute path of the directory containing the database. First, we should create a file called booksA.db. Next, we configure the application to work with the database and with the JWT process. To obtain the secret key, we can auto-generate it using the secrets library.

After typing python in the terminal to open the interpreter, we can write the following lines:

Then, we are going to create the Users table, also in the app.py file:    We also specify the properties of all its columns.

Connecting columns from different tables within a database. Now, in order to use JWT with data linked across tables, a new table called Books will be created. To actually create the tables with Flask-JWT, we use the following line: After entering the previous lines, we can run the program.

Next, in app.py, we integrate the token_required(f) function. It makes the protected set of API operations available only to registered users who present a token.

Using the model for the user that will be stored in the database, the following code will be entered:

Creating the register route for the application's Users table. We indicate a POST method. After the token_required(f) function, the following code sequence will be inserted:

Creating the login route. Afterward, we create a route for the login part. We should pay attention to the number of minutes set in timedelta, because the token expires after that interval and a new one has to be obtained.

Next, a route that displays all users registered in the application will be created. The route reads the registered users from the Users table and returns them in JSON format. The following sequence will be used here:

Creating routes for the Books table. These routes allow users to add books to the table, retrieve them from the database, and delete them as needed.

A mandatory check will also be implemented to verify that the tokens are valid. The next route returns all the books in the Books table. To delete a book from the database, the following sequence and route are used: Main function and running the application:

Steps in the Postman API Platform desktop application
To get started, we will need to download the desktop application called Postman API Platform, found at the following address: https://www.postman.com/downloads/. After the download is finished, open the application and from the Workspaces section create a new workspace, named FirstAPILocal. After that, add different routes to the localhost address, such as: /register, /login, /users, /books, /book. All routes other than /book will have the POST method. The /book tab will be GET.

Example: localhost/users

The x-access-tokens key has to be added in the Headers section of localhost/book, but its value is not yet known (it will be the token obtained at login). We then go to the Body section of localhost/book and add the usual JSON lines to create a new book and add it to the Books table: Note: for each JSON body, we choose the raw option.

Afterwards, we will go to the localhost/register tab and check in the Headers section that no key is entered. Then, we go to the Body section and enter the JSON lines corresponding to the Users table of the database: Clicking the Send button sends a registration request to the system. If the process was carried out correctly, the response will be: and the newly created user will appear as a row in the database, which can be inspected from the IDE.

Then, we will go to the login tab and select the Authorization section. The Basic Auth variant will be selected from the combobox, and the user's registration data is entered there. After pressing Send, a token will be returned as the response. As specified, that token is valid for 50 minutes. We will copy the token, paste it into the value field of the x-access-tokens header of localhost/book, and click Send. A JSON message will be returned as the response, indicating that the book has been added to the table. This can also be seen in the table in the IDE.
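To show what the copied token actually contains and why the check at the protected routes rejects an edited or expired one, here is an added example (not part of the lab) that reproduces the HS256 signing and verification PyJWT performs, using only the standard library. The SECRET_KEY value and the 50-minute lifetime are constructed for the example.

```python
import base64
import hashlib
import hmac
import json
import time

SECRET_KEY = "constructed-placeholder-use-secrets.token_hex-output"  # constructed for the example
TOKEN_LIFETIME_SECONDS = 50 * 60  # the 50 minutes the lab configures with timedelta


def _b64url(data):
    # JWT uses unpadded URL-safe base64 for all three segments
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(public_id, now=None):
    """Build header.payload.signature with HS256, the layout PyJWT produces at /login."""
    now = time.time() if now is None else now
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64url(json.dumps(
        {"public_id": public_id, "exp": int(now + TOKEN_LIFETIME_SECONDS)}).encode())
    signature = hmac.new(SECRET_KEY.encode(), f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url(signature)}"


def verify_token(token, now=None):
    """Return (payload, None) for a good token, or (None, reason) for a bad one.

    This is the check token_required delegates to jwt.decode: signature first, expiry second.
    """
    now = time.time() if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        return None, "malformed token"
    header_b64, payload_b64, signature_b64 = parts
    try:
        header = json.loads(_b64url_decode(header_b64))
        signature = _b64url_decode(signature_b64)
    except (ValueError, UnicodeDecodeError):
        return None, "malformed token"
    if header.get("alg") != "HS256":
        return None, "unexpected algorithm"  # the verifier pins the algorithm, never the token
    expected = hmac.new(SECRET_KEY.encode(), f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, signature):  # constant-time comparison
        return None, "bad signature"
    payload = json.loads(_b64url_decode(payload_b64))
    if payload.get("exp", 0) <= now:
        return None, "token expired"
    return payload, None


def payload_edited_without_resigning(token, new_public_id):
    """A token whose payload was changed by its holder; the old signature no longer matches."""
    header_b64, payload_b64, signature_b64 = token.split(".")
    payload = json.loads(_b64url_decode(payload_b64))
    payload["public_id"] = new_public_id
    return f"{header_b64}.{_b64url(json.dumps(payload).encode())}.{signature_b64}"


def decode_payload_unverified(token):
    """The payload is only base64, not encrypted: anyone holding the token can read it."""
    return json.loads(_b64url_decode(token.split(".")[1]))
```

The two points the example makes are that the payload is readable by anyone who holds the token (so nothing secret belongs in it, which is why the lab stores a random public_id rather than the password), and that only the server-side SECRET_KEY can produce a signature that verifies, so a changed payload or a token past its exp is refused before any database lookup happens.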

Afterward, we go to the /books path to display the list of existing books. The same x-access-tokens key is entered, with the login token as its value.

A similar step applies to deleting a book from the list: only the ID of that book is appended to the route.

Statements and notes
Some of the advantages of using Flask are:


 * Provides a well-structured development server
 * Greater compatibility with modern technologies
 * URL routing is simple
 * Minimal and powerful framework
 * Smaller code base size.

Another solution and method for the authentication process is to use Blueprint, Flask forms, and the Flask-SQLAlchemy library in the project.