0

我制作的 Flask 应用程序flask-jwt-extended用于 JWT 身份验证。当我按照教程进行操作时,我在此处创建访问令牌时添加了电子邮件作为身份:

class ApiLogin(Resource):
    def post(self):
        data = loginParser.parse_args()
        current_user = User.find_by_email(data['email'])
        current_member = FamilyMember.find_by_email(data['email'])
        if not current_user or current_member:
            return {'message': 'User email {} doesn\'t exist'.format(data['email'])}, 403
        
        if bcrypt.check_password_hash(current_user.password if current_user else current_member.password, data['password']):
            access_token = create_access_token(identity =data['email'])
            refresh_token = create_refresh_token(identity =data['email'])
            print(get_raw_jwt())
            return {
                'message': 'Logged in as {}'.format(data['email']),
                'name': current_user.name if current_user else current_member.name,
                'access_token': access_token,
                'refresh_token': refresh_token,
                'identity': get_raw_jwt()
            }
        else:
            return {'message': 'Wrong credentials'}, 403

但是该get_raw_jwt()函数将 id 作为身份返回,而不是像这样的电子邮件:

{'iat': 1594408603, 'nbf': 1594408603, 'jti': '1b7227e5-873e-4076-aac6-a81ec2834256', 'exp': 1597000603, 'identity': 2, 'fresh': False, 'type': 'access', 'user_claims': {}}

这是怎么发生的?花了几个小时谷歌搜索,但没有得出类似的结果。请告诉我在哪一部分我做错了

4

1 回答 1

0

get_raw_jwt()返回发出请求的令牌的身份,而不是您刚刚创建的新创建的令牌的身份。您的退货声明应如下所示:

return {
    'message': 'Logged in as {}'.format(data['email']),
    'name': current_user.name if current_user else current_member.name,
    'access_token': access_token,
    'refresh_token': refresh_token,
    'identity': data['email'],
}
于 2020-07-11T16:47:07.587 回答