1
Hello. I am working on an API (Flask/Python) that should receive requests from an application (React-Native) and a Webapp (Flask/Python). For some requests you will need the login control. I am using authentication through Jwts (Flask-JWT-Extended library). For Webapp authentication a post is done on the API /auth/login route and a token is returned if the data is correct:
@users.route("/auth/login", methods=["POST"])
def login():
data = request.get_json()
if data['email'] and data['password']:
user = User.query.filter_by(email=data['email']).one_or_none()
if user and bcrypt.check_password_hash(user.password, data['password']):
response_object = jsonify({'message': 'Success. Login successful'})
access_token = create_access_token(identity=user)
return jsonify(access_token=access_token)
abort(jsonify(message="Wrong username or password"))
My question is: how to store this token returned by the API in my Webapp (Flask/Python) to be able to send it to each request the user makes and, in addition, keep the user logged in to this app, because it also has pages that can only be accessed by authenticated users.
Before I had a separate API for requests that talk directly to the database (when I only had the Webapp), I was using Flask-login, login_user() and @login_required to do this control, but I can no longer follow this path because the app also needs to be met by the API.
Thank you.