Basic Usage =========== In its simplest form, there is not much to using this extension. You use :func:`~flask_jwt_extended.create_access_token` to make JSON Web Tokens, :func:`~flask_jwt_extended.jwt_required` to protect routes, and :func:`~flask_jwt_extended.get_jwt_identity` to get the identity of a JWT in a protected route. .. literalinclude:: ../examples/simple.py To access a jwt_required protected view you need to send in the JWT with each request. By default, this is done with an authorization header that looks like: .. code-block :: bash Authorization: Bearer We can see this in action using `HTTPie `_. .. code-block :: bash $ http GET :5000/protected HTTP/1.0 401 UNAUTHORIZED Content-Length: 39 Content-Type: application/json Date: Sun, 24 Jan 2021 18:09:17 GMT Server: Werkzeug/1.0.1 Python/3.8.6 { "msg": "Missing Authorization Header" } $ http POST :5000/login username=test password=test HTTP/1.0 200 OK Content-Length: 288 Content-Type: application/json Date: Sun, 24 Jan 2021 18:10:39 GMT Server: Werkzeug/1.0.1 Python/3.8.6 { "access_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJmcmVzaCI6ZmFsc2UsImlhdCI6MTYxMTUxMTgzOSwianRpIjoiMmI0NzliNTQtYTI0OS00ZDNjLWE4NjItZGVkZGIzODljNmVlIiwibmJmIjoxNjExNTExODM5LCJ0eXBlIjoiYWNjZXNzIiwic3ViIjoidGVzdCIsImV4cCI6MTYxNDEwMzgzOX0.UpTueBRwNLK8e-06-oo5Y_9eWbaN5T3IHwKsy6Jauaw" } $ export JWT="eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJmcmVzaCI6ZmFsc2UsImlhdCI6MTYxMTUxMTgzOSwianRpIjoiMmI0NzliNTQtYTI0OS00ZDNjLWE4NjItZGVkZGIzODljNmVlIiwibmJmIjoxNjExNTExODM5LCJ0eXBlIjoiYWNjZXNzIiwic3ViIjoidGVzdCIsImV4cCI6MTYxNDEwMzgzOX0.UpTueBRwNLK8e-06-oo5Y_9eWbaN5T3IHwKsy6Jauaw" $ http GET :5000/protected Authorization:"Bearer $JWT" HTTP/1.0 200 OK Content-Length: 24 Content-Type: application/json Date: Sun, 24 Jan 2021 18:12:02 GMT Server: Werkzeug/1.0.1 Python/3.8.6 { "logged_in_as": "test" } **Important** Remember to change the JWT secret key in your application, and ensure that it is secure. The JWTs are signed with this key, and if someone gets their hands on it they will be able to create arbitrary tokens that are accepted by your web flask application.