For a client project I am developing a web app that is using Flask for the backend.
So I decided to use Flask-oauthlib in an attempt to make supplying refresh tokens, and revoking access tokens simple. However, there is something I am still having a hard time wrapping my head around.
When writing the oauth server, how can I have it generate and serve JSON Web Tokens over using the default access/refresh tokens?
Another thing I would also like to know is how would I go about validating JSON Web Tokens from http requests?
Any advice is appreciated.
I'm the author of Flask-OAuthlib. It is hard to implement such a thing with this library. I have created a new library, which is Authlib. With this library, it would be quite easy to create an OAuth server as you described.
Authlib itself has JWT included. First, learn how to create JWT and validate JWT on https://docs.authlib.org/en/latest/specs/rfc7519.html
For generating access token and refresh token, you can configure it with OAUTH2_ACCESS_TOKEN_GENERATOR and OAUTH2_REFRESH_TOKEN_GENERATOR as described on https://docs.authlib.org/en/latest/flask/oauth2.html#define-server
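Added example (not code from the question, the answer, or the Authlib project): a standard-library-only HS256 JSON Web Token issuer and validator that does what the RFC 7519 page linked above describes, plus a generator function in the shape Authlib passes to OAUTH2_ACCESS_TOKEN_GENERATOR. The generator signature `(client, grant_type, user, scope)`, the `ISSUER` value, the secret key, and the `client_id`/`id` attributes on the client and user objects are assumptions for the demo. The validator checks the signature with a constant-time compare, rejects any `alg` other than the one the server issues, and enforces `iss`, `aud` and `exp`, which is the minimum a resource server needs before trusting a bearer token from an HTTP request.

```python
import base64
import hashlib
import hmac
import json
import secrets
import time

# Constructed demo values; a real server loads these from its configuration.
SECRET_KEY = b"constructed-demo-secret-do-not-reuse"
ISSUER = "https://auth.example.test"   # assumed issuer URL
TOKEN_LIFETIME = 3600                   # seconds until exp


class InvalidToken(Exception):
    """Raised when a token fails any structural, signature or claim check."""


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def encode_jwt(claims: dict, key: bytes) -> str:
    """Build a compact-serialised JWT: base64url(header).base64url(claims).base64url(sig)."""
    header = {"alg": "HS256", "typ": "JWT"}
    parts = [
        _b64url(json.dumps(header, separators=(",", ":")).encode()),
        _b64url(json.dumps(claims, separators=(",", ":")).encode()),
    ]
    signing_input = ".".join(parts).encode()
    signature = hmac.new(key, signing_input, hashlib.sha256).digest()
    return ".".join(parts + [_b64url(signature)])


def decode_jwt(token: str, key: bytes, issuer: str, audience: str, now=None) -> dict:
    """Verify a JWT and return its claims, or raise InvalidToken."""
    now = time.time() if now is None else now
    try:
        head_b64, body_b64, sig_b64 = token.split(".")
        header = json.loads(_b64url_decode(head_b64))
        claims = json.loads(_b64url_decode(body_b64))
        signature = _b64url_decode(sig_b64)
    except (ValueError, TypeError):
        raise InvalidToken("malformed token")
    # Pin the algorithm to what this server issues; never trust the header alone.
    if header.get("alg") != "HS256":
        raise InvalidToken("unexpected alg")
    expected = hmac.new(key, f"{head_b64}.{body_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, signature):
        raise InvalidToken("bad signature")
    # Registered claims from RFC 7519 that a resource server must enforce.
    if claims.get("iss") != issuer:
        raise InvalidToken("wrong issuer")
    if claims.get("aud") != audience:
        raise InvalidToken("wrong audience")
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or now >= exp:
        raise InvalidToken("expired")
    return claims


def jwt_access_token_generator(client, grant_type, user, scope, now=None) -> str:
    """Assumed Authlib generator shape: called with (client, grant_type, user, scope)."""
    issued_at = int(time.time() if now is None else now)
    claims = {
        "iss": ISSUER,
        "aud": client.client_id,       # assumed attribute on the client model
        "sub": str(user.id),           # assumed attribute on the user model
        "scope": scope,
        "grant_type": grant_type,
        "iat": issued_at,
        "exp": issued_at + TOKEN_LIFETIME,
        "jti": secrets.token_urlsafe(16),  # unique id so tokens can be revoked
    }
    return encode_jwt(claims, SECRET_KEY)


def claims_from_authorization_header(header_value, audience: str, now=None):
    """Validate 'Authorization: Bearer <jwt>' from an HTTP request; None if invalid."""
    if not header_value or not header_value.startswith("Bearer "):
        return None
    try:
        return decode_jwt(header_value[len("Bearer "):], SECRET_KEY, ISSUER, audience, now=now)
    except InvalidToken:
        return None
```

In a Flask view the check is `claims_from_authorization_header(request.headers.get("Authorization"), client_id)`; a `None` result maps to a 401 with `WWW-Authenticate: Bearer`. Revocation in this model is a lookup of the `jti` claim against a deny list, which is why the generator always sets one.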