I am implementing an API in Flask using your lovely library for JWT-based authentication. I would like to offer the authenticated client the option to revoke its own token ("logout"). How would I implement this? I am using Redis for the blacklist backend. As far as I can tell, the only way to revoke a token is by its jti. However, the library only stores the identity and the user claims on the app context.
Would it make sense to store the full JWT on the app context and have the get_jwt_identity and get_jwt_claims functions just return the appropriate fields? This would allow for another function that returns the jti.
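The logout flow asked about above, sketched as an added example that is not part of the original post and is not the library's own code: the verifier returns the full claim set, so the logout handler can read the jti and blocklist it until the token's exp. The names issue_token, verify, logout and Blocklist are hypothetical, the signing key is constructed, HS256 is handled with the standard library, and an in-memory dict stands in for Redis.

```python
import base64, hashlib, hmac, json, uuid

SECRET = b"constructed-demo-key"  # constructed value for this example only

def _b64(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def _unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _sign(signing_input):
    return hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest()

def issue_token(identity, now, lifetime=900):
    # A unique jti per token is what makes per-token revocation possible.
    claims = {"sub": identity, "jti": str(uuid.uuid4()), "exp": now + lifetime}
    head = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64(json.dumps(claims).encode())
    return f"{head}.{body}.{_b64(_sign(head + '.' + body))}"

class Blocklist:
    """In-memory stand-in for Redis: revoke() ~ SETEX, is_revoked() ~ EXISTS."""
    def __init__(self):
        self._expiry_by_jti = {}

    def revoke(self, jti, exp, now):
        if exp > now:  # the entry only has to outlive the token itself
            self._expiry_by_jti[jti] = exp

    def is_revoked(self, jti, now):
        # Redis would drop the key by itself once its TTL elapses.
        return self._expiry_by_jti.get(jti, 0) > now

def verify(token, blocklist, now):
    """Return the full claim set, jti included, or raise ValueError."""
    head, body, sig = token.split(".")
    if not hmac.compare_digest(_sign(head + "." + body), _unb64(sig)):
        raise ValueError("bad signature")
    claims = json.loads(_unb64(body))
    if claims["exp"] <= now:
        raise ValueError("token expired")
    if blocklist.is_revoked(claims["jti"], now):
        raise ValueError("token revoked")
    return claims

def logout(token, blocklist, now):
    claims = verify(token, blocklist, now)  # only a valid token can log out
    blocklist.revoke(claims["jti"], claims["exp"], now)
    return claims["jti"]
```

Bounding each blocklist entry by the token's exp keeps the store from growing without limit, since an expired token is rejected on its own.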