Revoke current token

[portrain]

I am implementing an API in flask using your lovely library for a jwt-based authentication. I would like to offer the authenticated client the option to revoke its own token ("logout"). How would I implement this? I am using redis for the blacklist backend. As far as I can tell, the only way to revoke a token is by its jti. However, the library only stores the identity and the user claims on the app context.

Would it make sense to store the full jwt on the app context and have the get_jwt_identity and get_jwt_claims functions just return the appropriate fields? This would allow for another function that returns the jti.

[vimalloc]

That seems perfectly reasonable to me. We can add a new get_raw_jwt or something along those lines. We could take it a step farther and also add a get_jwt_jti method as well, if that would make things simpler.

I'll see about getting a new released pushed which addresses this later today.

Thanks for the feedback! 👍

[portrain]

I like the idea of the get_raw_jwt method and don't think we need a specialized get_jwt_jti method.

[portrain]

Oh, just saw that you added a commit pretty much exactly at the time when I sent my response. Thanks a lot!

[vimalloc]

That bodes well, cause that what I just added 👍

I'll get a new release pushed to pypi here asap. Lmk if you have any issues with it.

[portrain]

Will do!

[vimalloc]

Thanks :)

That is released as version 1.1.0. It should be available on pypi shortly. I'm going to go ahead and close this issue, but if any problems come up, please go ahead and re-open it.

Cheers!