1.服务端
import os
import secrets

import itsdangerous
from flask import Flask, jsonify, request
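# Signing key for every token this demo issues. Anyone who knows the key can
# mint tokens the server accepts, so it is read from the TOKEN_SECRET
# environment variable instead of being committed with the source. Without
# that variable a random per-process key is used, which means outstanding
# tokens stop verifying after a restart.
# NOTE(review): TimedJSONWebSignatureSerializer was deprecated in
# itsdangerous 2.0 and removed in 2.1, so this listing needs an older release.
ts = itsdangerous.TimedJSONWebSignatureSerializer(
    os.environ.get("TOKEN_SECRET") or secrets.token_hex(32),
    expires_in=3600,
)
app = Flask(__name__)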
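@app.route('/login', methods=['POST'])
def login():
    """Check the posted password and hand out an access/refresh token pair.

    Reads the ``password`` form field. A mismatch is answered with a JSON
    error and HTTP 401, so a client can tell failure from success by the
    status code instead of by parsing the body.

    Returns:
        JSON with ``access_token`` and ``refresh_token`` on success, or
        ``{"msg": ...}`` with status 401 when the password is wrong.
    """
    # NOTE(review): demo-only check. The ``username`` form field is never
    # looked at and the password is a literal; real code verifies the pair
    # against a salted password hash.
    password = request.form.get('password', None)
    if password != 'test':
        return jsonify({"msg": "Bad username or password"}), 401

    # NOTE(review): both tokens carry the same claims and the same lifetime
    # (the serializer's expires_in), so nothing inside them tells an access
    # token from a refresh token.
    access_token = ts.dumps({'wang': '123'}).decode()
    refresh_token = ts.dumps({'wang': '123'}).decode()
    ret = {
        "access_token": access_token,
        "refresh_token": refresh_token,
    }
    return jsonify(ret)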
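@app.route('/refresh')
def refresh():
    """Issue a new access token to a caller presenting a valid bearer token.

    Expects ``Authorization: Bearer <token>``. A missing header, a header
    with another scheme, and a token that fails verification all get the
    same JSON error with HTTP 401.

    Returns:
        JSON with a fresh ``access_token``, or ``{"message": ...}`` with
        status 401.
    """
    # Start from "not authenticated" so a request without a usable header
    # takes the 401 path instead of hitting an unbound ``payload``.
    payload = None
    authorization = request.headers.get('Authorization')
    if authorization and authorization.startswith('Bearer '):
        token = authorization.strip()[len('Bearer '):]
        try:
            payload = ts.loads(token)
        except itsdangerous.BadData:
            # Bad signature, expired or malformed token: stay unauthenticated.
            payload = None

    if not payload:
        return jsonify({'message': 'Wrong refresh token.'}), 401

    # NOTE(review): this handler does not check what kind of token it was
    # given, so any token signed by ``ts`` is accepted here, an access token
    # included. A "type" claim checked on both endpoints would separate them.
    access_token = ts.dumps({'wang': '123'}).decode()
    return jsonify({"access_token": access_token})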
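@app.route('/protected', methods=['GET'])
def protected():
    """Serve the protected resource to callers holding a valid bearer token.

    Expects ``Authorization: Bearer <token>``. A missing header, a header
    with another scheme, and a token that fails verification all get the
    same JSON error with HTTP 401.

    Returns:
        The string ``'already login'`` on success, or ``{"message": ...}``
        with status 401.
    """
    # Start from "not authenticated" so a request without a usable header
    # takes the 401 path instead of hitting an unbound ``payload``.
    payload = None
    authorization = request.headers.get('Authorization')
    if authorization and authorization.startswith('Bearer '):
        token = authorization.strip()[len('Bearer '):]
        try:
            payload = ts.loads(token)
        except itsdangerous.BadData:
            # Bad signature, expired or malformed token: stay unauthenticated.
            payload = None

    if not payload:
        # This endpoint takes the access token, so the message names it.
        return jsonify({'message': 'Wrong access token.'}), 401

    # NOTE(review): this handler does not check what kind of token it was
    # given, so a refresh token signed by ``ts`` is accepted here as well.
    return 'already login'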
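if __name__ == '__main__':
    # debug=True turns on the Werkzeug interactive debugger, which lets
    # whoever can reach the port run Python inside this process. The server
    # listens on every interface (0.0.0.0), so the debugger stays off.
    app.run(host="0.0.0.0", port=5000, debug=False)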
2.客户端
import requests
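# Client walk-through: log in, refresh the access token, call the protected
# endpoint. 0.0.0.0 is a listen address ("all interfaces"), not a destination,
# and connecting to it only works on some systems, so the loopback address is
# used instead.
# NOTE(review): plain HTTP sends the password and the bearer tokens in clear
# text; that is acceptable on loopback only. Use HTTPS anywhere else.
url = "http://127.0.0.1:5000/login"
payload = {
    "username": "test",
    "password": "test",
}
# A timeout keeps the script from hanging if the server is not running.
data = requests.post(url, payload, timeout=10)
data = data.json()

# /refresh is given the refresh token; the access token is kept for the
# resource call below.
url2 = "http://127.0.0.1:5000/refresh"
header = {
    "Authorization": "Bearer " + data["refresh_token"],
}
refresh = requests.get(url2, headers=header, timeout=10)

url3 = "http://127.0.0.1:5000/protected"
header = {
    "Authorization": "Bearer " + data["access_token"],
}
protect = requests.get(url3, headers=header, timeout=10)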