Add function for getting full (raw) jwt in a protected endpoint

This allows you to use 'get_raw_jwt()' in any jwt protected endpoint
(jwt_required, fresh_jwt_required, refresh_jwt_required).

Refs #22

Author: vimalloc

examples/blacklist.py

@@ -6,7 +6,8 @@
 from flask_jwt_extended import JWTManager, jwt_required, \
     get_jwt_identity, revoke_token, unrevoke_token, \
     get_stored_tokens, get_all_stored_tokens, create_access_token, \
-    create_refresh_token, jwt_refresh_token_required, get_stored_token
+    create_refresh_token, jwt_refresh_token_required, \
+    get_raw_jwt, get_stored_token
 
 
 # Setup flask
@@ -55,6 +56,16 @@ def refresh():
     return jsonify(ret), 200
 
 
+# Endpoint for revoking a token when logging out
+@app.route('/logout', method=['POST'])
+@jwt_required
+def login():
+    jwt = get_raw_jwt()
+    jti = jwt['jti']
+    revoke_token(jti)
+    return jsonify({"msg": "Successfully logged out"}), 200
+
+
 # Endpoint for listing tokens that have the same identity as you
 @app.route('/auth/tokens', methods=['GET'])
 @jwt_required

flask_jwt_extended/__init__.py

@@ -2,6 +2,6 @@
 from .utils import (jwt_required, fresh_jwt_required, jwt_refresh_token_required,
                     create_refresh_token, create_access_token, get_jwt_identity,
                     get_jwt_claims, set_access_cookies, set_refresh_cookies,
-                    unset_jwt_cookies)
+                    unset_jwt_cookies, get_raw_jwt)
 from .blacklist import (revoke_token, unrevoke_token, get_stored_tokens,
                         get_all_stored_tokens, get_stored_token)

flask_jwt_extended/utils.py

@@ -41,6 +41,14 @@ def get_jwt_claims():
     return getattr(ctx_stack.top, 'jwt_user_claims', {})
 
 
+def get_raw_jwt():
+    """
+    Returns the python dictionary which has all of the data in this JWT. If no
+    JWT is currently present, and empty dict is returned
+    """
+    return getattr(ctx_stack.top, 'jwt', {})
+
+
 def _create_csrf_token():
     return str(uuid.uuid4())
 
@@ -235,6 +243,7 @@ def wrapper(*args, **kwargs):
         # the various endpoints that is using this decorator
         ctx_stack.top.jwt_identity = jwt_data['identity']
         ctx_stack.top.jwt_user_claims = jwt_data['user_claims']
+        ctx_stack.top.jwt = jwt_data
         return fn(*args, **kwargs)
     return wrapper
 
@@ -270,6 +279,7 @@ def wrapper(*args, **kwargs):
         # the various endpoints that is using this decorator
         ctx_stack.top.jwt_identity = jwt_data['identity']
         ctx_stack.top.jwt_user_claims = jwt_data['user_claims']
+        ctx_stack.top.jwt = jwt_data
         return fn(*args, **kwargs)
     return wrapper
 
@@ -297,6 +307,7 @@ def wrapper(*args, **kwargs):
         # Save the jwt in the context so that it can be accessed later by
         # the various endpoints that is using this decorator
         ctx_stack.top.jwt_identity = jwt_data['identity']
+        ctx_stack.top.jwt = jwt_data
         return fn(*args, **kwargs)
     return wrapper
 

tests/test_protected_endpoints.py

@@ -10,7 +10,7 @@
     get_jwt_identity, set_refresh_cookies, set_access_cookies, unset_jwt_cookies
 from flask_jwt_extended import JWTManager, create_refresh_token, \
     jwt_refresh_token_required, create_access_token, fresh_jwt_required, \
-    jwt_required
+    jwt_required, get_raw_jwt
 
 
 class TestEndpoints(unittest.TestCase):
@@ -280,6 +280,7 @@ def claims():
                 'claims': get_jwt_claims()
             })
 
+
         # Login
         response = self.client.post('/auth/login')
         data = json.loads(response.get_data(as_text=True))
@@ -290,6 +291,32 @@ def claims():
         self.assertEqual(status, 200)
         self.assertEqual(data, {'username': 'test', 'claims': {'foo': 'bar'}})
 
+    def test_jwt_raw_token(self):
+        # Endpoints that uses get raw tokens and returns the keys
+        @self.app.route('/claims')
+        @jwt_required
+        def claims():
+            jwt = get_raw_jwt()
+            claims_keys = [claim for claim in jwt]
+            return jsonify(claims_keys), 200
+
+        # Login
+        response = self.client.post('/auth/login')
+        data = json.loads(response.get_data(as_text=True))
+        access_token = data['access_token']
+
+        # Test our custom endpoint
+        status, data = self._jwt_get('/claims', access_token)
+        self.assertEqual(status, 200)
+        self.assertIn('exp', data)
+        self.assertIn('iat', data)
+        self.assertIn('nbf', data)
+        self.assertIn('jti', data)
+        self.assertIn('identity', data)
+        self.assertIn('fresh', data)
+        self.assertIn('type', data)
+        self.assertIn('user_claims', data)
+
     def test_different_headers(self):
         response = self.client.post('/auth/login')
         data = json.loads(response.get_data(as_text=True))