python-3.x flask flask-sqlalchemy flask-jwt-extended

Implementing roles with Flask-JWT-Extended


I am currently developing a Flask API that uses flask-jwt-extended to protect endpoints. I have the jwt required decorator working correctly but I would like to add roles to have more granular control over access. In my imagination it would be best to have three tables Users, Roles and UserRoles. UserRoles would map users to roles using foreign ids and then use a custom decorator to check for each endpoint.

I have never done this before. How would you implement this and why?


Solution

  • As you suggested, having some basic tables and methods + decorators is the way to go.

    You can also look into how this is implemented in Flask-Security (or in packages Flask-Login and Flask-Principal, which are used in Flask-Security). It can give you some suggestions on what kind of functions you'd like to have.