Nasajon Flask Authentication
nsj-flask-auth is a basic module designed for authenticating Flask applications within the Nasajon ecosystem. It provides tools for JWT-based authentication, integrating with Flask routes via decorators. Currently at version 0.11.1, its release cadence is tied to internal Nasajon project needs, typically with updates released as new features or fixes are required.
Common errors
- jwt.exceptions.SignatureVerificationError: Signature verification failed
  cause: The JWT secret configured in your Flask application (`NSJ_AUTH_JWT_SECRET`) does not match the secret used to sign the incoming JWT token.
  fix: Update `app.config['NSJ_AUTH_JWT_SECRET']` to the correct secret key. Ensure it's read securely from environment variables or a configuration management system.
- TypeError: current_user() missing 1 required positional argument: 'self'
  cause: Attempting to call `current_user()` as a static method or directly from the `AuthManager` class, instead of from an instantiated `AuthManager` object.
  fix: Call `current_user()` from an instance of `AuthManager`, typically the `auth_manager` object created during application setup (e.g., `auth_manager.current_user()`).
- nsj_flask_auth.exceptions.NoTokenFoundError: No token found in request.
  cause: The incoming HTTP request did not contain a token in the expected header (default: 'Authorization'). This could be due to a missing header or an incorrect header name.
  fix: Ensure the client sends the JWT token in the correct header. If not 'Authorization', update `app.config['NSJ_AUTH_TOKEN_HEADER']` to match the client's header. Example: `Authorization: Bearer <your_jwt>`.
Warnings
- gotcha Incorrect or missing `NSJ_AUTH_JWT_SECRET` leads to `SignatureVerificationError` or `InvalidSignatureError`. The secret must match the one used to sign the JWT token.
- gotcha A mismatch in `NSJ_AUTH_TOKEN_HEADER` or `NSJ_AUTH_ALGORITHMS` prevents token detection or validation. The default token header is 'Authorization'.
- breaking As a pre-1.0 library, API changes can occur in minor versions (e.g., 0.10.x to 0.11.x) without strict adherence to semantic versioning for breaking changes, requiring careful review of release notes upon upgrade.
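The failure modes listed above (no token in the expected header, algorithm not in the allowed list, signature mismatch) can be told apart offline before debugging the application. The following is an added example, not code from nsj-flask-auth: it uses only the Python standard library, handles HS256 only, does not check expiry or other claims, and the names `sign_hs256` and `diagnose` are hypothetical.

```python
import base64
import hashlib
import hmac
import json


def _b64url_decode(part: str) -> bytes:
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))


def _b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def sign_hs256(claims: dict, secret: str) -> str:
    """Build a constructed HS256 test token (stand-in for the real issuer)."""
    header = _b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64url_encode(json.dumps(claims).encode())
    mac = hmac.new(secret.encode(), f"{header}.{body}".encode(), hashlib.sha256)
    return f"{header}.{body}.{_b64url_encode(mac.digest())}"


def diagnose(headers: dict, secret: str,
             token_header: str = "Authorization", algorithms: str = "HS256") -> str:
    """Return 'ok' or the failure mode a request with these headers would hit."""
    value = headers.get(token_header)
    if not value:
        return "no-token"              # wrong or missing header name
    token = value.split(" ", 1)[1] if value.lower().startswith("bearer ") else value
    parts = token.split(".")
    if len(parts) != 3:
        return "malformed-token"
    try:
        alg = json.loads(_b64url_decode(parts[0])).get("alg")
        given = _b64url_decode(parts[2])
    except (ValueError, AttributeError):
        return "malformed-token"
    # The allowed list is comma-separated, as in NSJ_AUTH_ALGORITHMS.
    if alg not in [a.strip() for a in algorithms.split(",")]:
        return "algorithm-not-allowed"
    if alg != "HS256":
        return "unsupported-by-this-sketch"
    signed = f"{parts[0]}.{parts[1]}".encode()
    expected = hmac.new(secret.encode(), signed, hashlib.sha256).digest()
    # Constant-time comparison avoids leaking how many bytes matched.
    return "ok" if hmac.compare_digest(expected, given) else "signature-mismatch"
```

Run `diagnose` with the header name, secret and algorithm list the service is configured with; the returned label points at the setting to correct.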
Install
- pip install nsj-flask-auth
Imports
- AuthManager
  from nsj_flask_auth.auth_manager import AuthManager
- auth_required
  from nsj_flask_auth.decorator import auth_required
Quickstart
import os

from flask import Flask, jsonify
from nsj_flask_auth.auth_manager import AuthManager
from nsj_flask_auth.decorator import auth_required

app = Flask(__name__)

# Configure authentication settings
app.config['NSJ_AUTH_TOKEN_HEADER'] = os.environ.get('NSJ_AUTH_TOKEN_HEADER', 'Authorization')
# No fallback for the secret: fail at startup (KeyError) rather than run with a known placeholder key
app.config['NSJ_AUTH_JWT_SECRET'] = os.environ['NSJ_AUTH_JWT_SECRET']
app.config['NSJ_AUTH_ALGORITHMS'] = os.environ.get('NSJ_AUTH_ALGORITHMS', 'HS256')  # Comma-separated for multiple

# Initialize AuthManager with the Flask app
auth_manager = AuthManager(app)


@app.route('/')
def home():
    return "Welcome! This route is public."


@app.route('/protected')
@auth_required
def protected_route():
    # Access current user info after authentication
    user_info = auth_manager.current_user()
    return jsonify({"message": "This is a protected route!", "user": user_info.to_dict()})


if __name__ == '__main__':
    # Example usage: set the NSJ_AUTH_* environment variables before starting
    # For testing, you might use a tool like Postman to send a JWT token
    # in the 'Authorization' header: 'Bearer <your_jwt_token>'
    # debug=True enables the interactive debugger; use it for local development only
    app.run(debug=True, port=5000)