DEV Community

Cover image for Flask Rest API -Part:3- Authentication and Authorization

Flask Rest API -Part:3- Authentication and Authorization

Paurakh Sharma Humagain on December 27, 2019

Howdy! In the previous Part of the series, we learned how to use Blueprint and Flask-Restful to structure our Flask REST API in a more maintainable...
Collapse
 
tallmyr profile image
Simon Tallmyr

Love the guide, really helping me understand how this works!

That said, there's is one unfortunate part that is outdated.
If you get at TypeError after setting up the JWT decorators, that's because they have changed. Instead of @jwt_require it now should say jwt_require()

Took me a good long time to figure that one out :)

Collapse
 
drsimplegraffiti profile image
Abayomi Ogunnusi

it should be @jwt_required()

Collapse
 
nandamtejas profile image
nandamtejas

I used the route 127.0.0.1:5000/api/movies in POST request and I am getting error like

raise TypeError(f'Object of type {o.class.name} '
TypeError: Object of type ObjectId is not JSON serializable

Collapse
 
jmobley09 profile image
Joshua Mobley

I was able to figure this out. Turns out that flask_jwt_extended released a newer version and the annotation is like this now "@jwt_required()". It needs the parenthesis to do a function call.

Collapse
 
chakib_elfil_741f922b722c profile image
chakib elfil

me too!

Collapse
 
marwazi_siagian_aa4830070 profile image
Marwazi Siagian

Great Tutorial. Just a small comment.

under the final PUT function, shouldn't you use:
movie.update(**body)

instead of:
Movie.objects.get(id=id).update(**body)

to update the movie data?

Collapse
 
alisevichandrew profile image
Alisevichandrew • Edited

When I use 'localhost:5000/api/movies' in the 'POSTMAN' (method 'POST') and paste the token, I get an "message": "Internal Server Error" (Status: 500 INTERNAL SERVER ERROR). This is probably due to the installed version of 'mongoengine' ? Help solve the problem. Thanks.

Collapse
 
aniketsnv1997 profile image
Aniket Sonavane

I have managed to implememt the lpgin part and I have been storibng the tokens into a table. I am even able to change its revoke stats as true which is nothing but logging out the user.

However, even after loggin out I am able to access the protected endpoint with the revoked token

Collapse
 
aniketsnv1997 profile image
Aniket Sonavane

If you are fine even I can share my code with you.

Collapse
 
dhirajpatil19 profile image
Dhiraj Patil

great series! I am developing flask api with mongoengine and have a question...
how can we assign roles and permissions to user(authorization)? thanks

Collapse
 
belkacemezianii profile image
Belkacem

what is that? user.update(push_movies=movie) ?
and why push
_movies?

Collapse
 
jvmazagao profile image
João Victor

he needs to update the user to upsert the movies in the collection, and this is the way that he implements, the internal of the MongoEngine translates to this.

Collapse
 
jvmazagao profile image
João Victor

Because movies in the User Model is a List, and push_to_movies_list

Collapse
 
bhuwanweb profile image
Bhuwan Panta

It would have been even nicer if it had included marshmallow schemas topic as well.No Doubt Great Content though

Collapse
 
aniketsnv1997 profile image
Aniket Sonavane

Hello Parul

Can you please let me know how you are planning to implement the logout feature