Flask API Authentication with JSON Web Tokens
Last Updated: 24 Jul, 2025
Authentication is the process of verifying the identity of a user, so that access to resources is granted only to valid users. There are two types of authentication:
- Single-Factor Authentication (SFA): only one piece of information is needed to verify the identity of the user. An example of SFA is password-based login, where only the user's password is required to gain access to the resources of the server.
- Multi-Factor Authentication (MFA): multiple pieces of information are required to verify the identity of the user. It is more secure than SFA. An example of MFA is validating the user with a password as well as an OTP sent to a verified mobile number.
Authentication Middleware and Authorization
Authentication middleware is a software layer that handles authentication tasks. It checks whether the user is legitimate before the request is passed on: the middleware first checks the user's credentials, and only if they are valid is the request forwarded to the web server.
Authorization is the process of determining whether the user has access to the specified resources. It is an important step because only authorized users should have access to the server's sensitive information.
Authentication Workflow
Consider a simple web application that consists of a login page. When the user enters the username and password and sends a request to the server, the server creates a session ID for that user which is valid for a specified period. The server sends the session ID along with the response, and it is stored in the user's browser. Whenever the user sends a request to the server, the session ID is forwarded along with it; the server checks whether the session ID is valid and returns a response based on the privileges of the user. Here the server has to store the session ID in order to authenticate the user.

Need for JWT
Before JWT, cookies were used to maintain the session for a particular user. That method has drawbacks in architectures where multiple servers are used to satisfy users' requests. Suppose a user sends a request to server A: it starts a session, stores that information on the server and sends back a cookie. If the user sends another request, the load balancer may route it to a different server, which will not have the user's session.

To overcome this difficulty, JWT stores the user's information inside a token that is kept in the user's browser rather than on the server. Even if the second request is routed to a different server, that server can still satisfy the request, because the user sends the token, which carries the user's information (every server only needs the same secret key to verify it).
JWT Components
A JSON Web Token (JWT) is a compact way to send JSON data over the internet. It consists of three parts, separated by dots (.). The first is the header, which contains two pieces of information:
- alg specifies the algorithm used to sign the token (HS256 is HMAC with SHA-256)
- typ specifies the type of token, which is always JWT
{ "typ" : "JWT" , "alg" : "HS256" }
The second is the payload, which contains information about the user as well as other data such as the expiration time of the token. The payload is only Base64URL-encoded, not encrypted, so anyone who holds the token can read it.
{ "exp" : 12323232892, "sub" : "Hello World", "id" : "123"}
The third is the signature, which protects the integrity of the message. It is generated by joining the Base64URL-encoded header and payload with a dot (.) and computing a keyed hash (HMAC) of the result with a secret key.
For example, consider the following header, payload and secret key:
- header : {"alg":"HS256", "typ":"JWT"}
- payload : {"user":"username", "password":"password"}
- secret key : "this is secret"
Then the JWT will be:
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyIjoidXNlcm5hbWUiLCJwYXNzd29yZCI6InBhc3N3b3JkIn0.3dJul7umiy_MPlLdAMyv7yoQuTCe-sQ9j-V6QkinA6c
You can verify the above token at the URL below:
https://www.jwt.io/
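The construction described above can be reproduced with the Python standard library alone. This is an added example, not code from the original article or from the jwt package; it uses the article's sample payload and secret, and the function names are illustrative. It shows that the payload is readable without the secret, and the checks a verifier has to make: a pinned algorithm, a constant-time signature comparison and the exp claim.

```python
import base64
import hashlib
import hmac
import json
import time


def b64url_encode(raw):
    # JWT uses URL-safe Base64 with the trailing '=' padding stripped.
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def b64url_decode(segment):
    # Re-add the padding that was stripped when the segment was encoded.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def hs256(signing_input, secret):
    return hmac.new(secret.encode(), signing_input.encode(), hashlib.sha256).digest()


def sign_hs256(payload, secret):
    header = {"alg": "HS256", "typ": "JWT"}
    # signing input = base64url(header) + "." + base64url(payload)
    signing_input = ".".join(
        b64url_encode(json.dumps(part, separators=(",", ":")).encode())
        for part in (header, payload)
    )
    return signing_input + "." + b64url_encode(hs256(signing_input, secret))


def read_payload_without_key(token):
    # No secret involved: the payload is only encoded, not encrypted.
    return json.loads(b64url_decode(token.split(".")[1]))


def verify_hs256(token, secret, now=None):
    """Return the payload, or raise ValueError naming the check that failed."""
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(header_b64))
        signature = b64url_decode(sig_b64)
    except ValueError as exc:
        raise ValueError("malformed token") from exc
    # Pin the algorithm on the verifier side; never let the token choose it.
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    # Constant-time comparison of the received and recomputed signatures.
    expected = hs256(header_b64 + "." + payload_b64, secret)
    if not hmac.compare_digest(signature, expected):
        raise ValueError("bad signature")
    payload = json.loads(b64url_decode(payload_b64))
    exp = payload.get("exp")
    if exp is not None and (time.time() if now is None else now) >= exp:
        raise ValueError("token expired")
    return payload


def rejection_reason(token, secret, now=None):
    try:
        verify_hs256(token, secret, now)
    except ValueError as exc:
        return str(exc)
    return None


if __name__ == "__main__":
    # Sample payload and secret are the ones used in the article.
    secret = "this is secret"
    token = sign_hs256({"user": "username", "password": "password"}, secret)
    print(token)
    print(read_payload_without_key(token))
    head, body, sig = token.split(".")
    altered = ".".join([head, b64url_encode(b'{"user":"someone-else"}'), sig])
    print(rejection_reason(altered, secret))
```

Running the script prints the token, the payload recovered without the key, and the reason the altered token is rejected.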

Authenticating API using JWT
To authenticate the user we first need to create a token which will be given to the user, so that when the user sends another request we can use the token to validate whether the user is legitimate. To create the JWT we are going to use the jwt package (provided by the PyJWT library), which provides the encode method for creating the token.
To the encode method we pass the payload and the secret key, and it returns the JWT. When the user sends the token back, we use the decode method of the jwt package to decode it; if the token is not correct, decode raises an exception. We are now going to consider a simple Python script which has two endpoints:
- /login : This takes a username and password and creates a JWT using the secret key, which is "this is secret". After a successful login, the user is shown a link which is only accessible if the token is valid.
- /access : This takes the token and checks whether it is valid. It also checks whether the token has expired.
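To run the Python code you first need to install PyJWT (the library that is imported as jwt) and flask using pip. The PyPI package that is literally named jwt is a different library and does not provide jwt.encode.
pip install PyJWT
pip install flask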
Example: Create a Python file app.py and copy and paste the code below:
In the login endpoint we first check whether the user's password is equal to "password". If it is, we create a JWT using the jwt.encode() method, passing the payload, which contains the username and expiration time, along with the secret key which we defined using app.config.
Python3
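import datetime
from functools import wraps

import jwt  # provided by the PyJWT package
from flask import Flask, request, jsonify, make_response

app = Flask(__name__)
# Demo value only: a real deployment needs a long random secret loaded from
# the environment or a secret store, never one committed with the code.
app.config['secret_key'] = "this is secret"


def token_required(f):
    @wraps(f)  # keep the view's name so several routes can use the decorator
    def decorated(*args, **kwargs):
        # Demo only: a token in the query string ends up in server logs and
        # browser history; APIs normally carry it in the Authorization header.
        token = request.args.get('token')
        if not token:
            return jsonify({'error': 'token is missing'}), 403
        try:
            # Pin the accepted algorithm; decode() checks the signature and 'exp'.
            jwt.decode(token, app.config['secret_key'], algorithms=["HS256"])
        except jwt.InvalidTokenError:
            # Covers bad signatures, malformed tokens and expired tokens.
            return jsonify({'error': 'token is invalid/expired'}), 403
        return f(*args, **kwargs)
    return decorated


@app.route("/login")
def login():
    auth = request.authorization
    # Demo check: every user shares the fixed password "password".
    if auth and auth.password == "password":
        expires = datetime.datetime.now(datetime.timezone.utc) + datetime.timedelta(seconds=10)
        token = jwt.encode({'user': auth.username, 'exp': expires},
                           app.config['secret_key'], algorithm="HS256")
        return f'<a href="http://localhost:5000/access?token={token}">Private link</a>'
    return make_response('Could not Verify', 401,
                         {'WWW-Authenticate': 'Basic realm="Login Required"'})


@app.route("/access")
@token_required
def access():
    return jsonify({'message': 'valid jwt token'})


if __name__ == "__main__":
    app.run()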
After logging in successfully, the user is shown a link that only they can access. When the user clicks that link, the /access endpoint is hit; it first gets the token from the URL and validates it using the jwt.decode method, which takes the token, the secret key and the hashing algorithm. If the token is not valid, the method raises an error, which is handled in the except block, where we simply tell the user that the token is invalid or has expired.
To run the above code, first go to the directory which contains the app.py file and run the command below:
python app.py
After running the above command the server will be up and running on port 5000. You can access the login endpoint using the URL below:
http://localhost:5000/login
After entering the username and password, you will be logged in and shown a URL. Clicking the URL sends the JWT to the Flask server. If the token is valid you will be given access to the web page.
In the above example we set the token expiration time to 10 seconds, which means that 10 seconds after login you will no longer be able to access the private link. You can set the expiration time of the token according to your use case.