{"id":9990,"library":"nsj-flask-auth","title":"Nasajon Flask Authentication","description":"nsj-flask-auth is a basic module designed for authenticating Flask applications within the Nasajon ecosystem. It provides tools for JWT-based authentication, integrating with Flask routes via decorators. Currently at version 0.11.1, its release cadence is tied to internal Nasajon project needs, typically with updates released as new features or fixes are required.","status":"active","version":"0.11.1","language":"en","source_language":"en","source_url":"https://github.com/Nasajon/nsj-flask-auth","tags":["flask","authentication","auth","jwt","nasajon","security"],"install":[{"cmd":"pip install nsj-flask-auth","lang":"bash","label":"Install stable version"}],"dependencies":[{"reason":"Core web framework integration.","package":"Flask","optional":false},{"reason":"Handles JSON Web Token (JWT) encoding and decoding.","package":"PyJWT","optional":false},{"reason":"Used for strict separation of settings from code, typically for environment variables.","package":"python-decouple","optional":false},{"reason":"Potentially used for internal API calls (e.g., to an identity provider).","package":"requests","optional":false},{"reason":"Internal Nasajon authentication library dependency.","package":"nsj-auth","optional":false}],"imports":[{"symbol":"AuthManager","correct":"from nsj_flask_auth.auth_manager import AuthManager"},{"symbol":"auth_required","correct":"from nsj_flask_auth.decorator import auth_required"}],"quickstart":{"code":"import os\nfrom flask import Flask, jsonify\nfrom nsj_flask_auth.auth_manager import AuthManager\nfrom nsj_flask_auth.decorator import auth_required\n\napp = Flask(__name__)\n\n# Configure authentication settings\napp.config['NSJ_AUTH_TOKEN_HEADER'] = os.environ.get('NSJ_AUTH_TOKEN_HEADER', 'Authorization')\napp.config['NSJ_AUTH_JWT_SECRET'] = os.environ.get('NSJ_AUTH_JWT_SECRET', 'your-super-secret-key-here')\napp.config['NSJ_AUTH_ALGORITHMS'] = os.environ.get('NSJ_AUTH_ALGORITHMS', 'HS256') # Comma-separated for multiple\n\n# Initialize AuthManager with the Flask app\nauth_manager = AuthManager(app)\n\n@app.route('/')\ndef home():\n    return \"Welcome! This route is public.\"\n\n@app.route('/protected')\n@auth_required\ndef protected_route():\n    # Access current user info after authentication\n    user_info = auth_manager.current_user()\n    return jsonify({\"message\": \"This is a protected route!\", \"user\": user_info.to_dict()})\n\nif __name__ == '__main__':\n    # Example usage: Set environment variables or ensure app.config is properly set\n    # For testing, you might use a tool like Postman to send a JWT token\n    # in the 'Authorization' header: 'Bearer <your_jwt_token>'\n    app.run(debug=True, port=5000)","lang":"python","description":"This quickstart demonstrates how to initialize `nsj-flask-auth` with a Flask application, configure essential settings like the JWT secret and token header, and protect a route using the `@auth_required` decorator. Configuration is pulled from `app.config`, which can be populated via environment variables for security and flexibility. Run this, then access `/protected` with a valid JWT in the Authorization header to test."},"warnings":[{"fix":"Ensure `app.config['NSJ_AUTH_JWT_SECRET']` is correctly set with the exact secret key used by your token issuer. Use environment variables for production secrets.","message":"Incorrect or missing `NSJ_AUTH_JWT_SECRET` leads to `SignatureVerificationError` or `InvalidSignatureError`. The secret must match the one used to sign the JWT token.","severity":"gotcha","affected_versions":"All versions"},{"fix":"Verify that `app.config['NSJ_AUTH_TOKEN_HEADER']` matches the header where clients send the token (e.g., 'Authorization'). Also, confirm `app.config['NSJ_AUTH_ALGORITHMS']` includes the algorithm used to sign the token.","message":"Mismatch in `NSJ_AUTH_TOKEN_HEADER` or `NSJ_AUTH_ALGORITHMS` prevents token detection or validation. Default is 'Authorization'.","severity":"gotcha","affected_versions":"All versions"},{"fix":"Thoroughly review the GitHub repository's commit history or any available release notes before upgrading minor versions. Test applications extensively after any upgrade.","message":"As a pre-1.0 library, API changes can occur in minor versions (e.g., 0.10.x to 0.11.x) without strict adherence to semantic versioning for breaking changes, requiring careful review of release notes upon upgrade.","severity":"breaking","affected_versions":"<1.0.0"}],"env_vars":null,"last_verified":"2026-04-17T00:00:00.000Z","next_check":"2026-07-16T00:00:00.000Z","problems":[{"fix":"Update `app.config['NSJ_AUTH_JWT_SECRET']` to the correct secret key. Ensure it's read securely from environment variables or a configuration management system.","cause":"The JWT secret configured in your Flask application (`NSJ_AUTH_JWT_SECRET`) does not match the secret used to sign the incoming JWT token.","error":"jwt.exceptions.SignatureVerificationError: Signature verification failed"},{"fix":"Call `current_user()` from an instance of `AuthManager`, typically the `auth_manager` object created during application setup (e.g., `auth_manager.current_user()`).","cause":"Attempting to call `current_user()` as a static method or directly from the `AuthManager` class, instead of from an instantiated `AuthManager` object.","error":"TypeError: current_user() missing 1 required positional argument: 'self'"},{"fix":"Ensure the client sends the JWT token in the correct header. If not 'Authorization', update `app.config['NSJ_AUTH_TOKEN_HEADER']` to match the client's header. Example: `Authorization: Bearer <your_jwt>`.","cause":"The incoming HTTP request did not contain a token in the expected header (default: 'Authorization'). This could be due to a missing header or an incorrect header name.","error":"nsj_flask_auth.exceptions.NoTokenFoundError: No token found in request."}]}