This project demonstrates a simple implementation of JWT (JSON Web Token) authentication using Flask and Flask-JWT-Extended. It includes user authentication, token generation, and protected routes.

• Python 3.x
• Flask 3.0.0
• Flask-JWT-Extended 4.5.3
• Flask-SQLAlchemy
• Flask-Marshmallow
• MySQL database

1. Clone the repository:

   git clone https://github.com/MartinCantillo/Flask-jwt 

2. Install dependencies:

   pip install -r requirements.txt

3. Set up the MySQL database. Update the app.config['SQLALCHEMY_DATABASE_URI'] in app.py with your database connection details.

4. Run the application:

   python app.py

• MySQL Database: Update the app.config['SQLALCHEMY_DATABASE_URI'] in app.py with your database connection details.

• JWT Configuration: Update the app.config["JWT_SECRET_KEY"] in app.py with a secure secret key.

1. Login without Cookies:

   POST /login_without_cookies

   Authenticate and receive a JWT token.

2. Login with Cookies:

   POST /login_with_cookies

   Authenticate and receive a JWT token, which is also stored in the cookies.

3. Logout with Cookies:

   POST /logout_with_cookies

   Log out and remove the JWT token from cookies.

4. Protected Route:

   GET /protected

   Access a protected route by providing a valid JWT token (can be in headers, cookies, JSON, or query string).

5. Protected Route with Headers:

   GET /only_headers

   Access a protected route by providing a valid JWT token only in headers.

• Role Model:

  • id_rol: Integer, primary key
  • nombre_rol: String(50)

• User Model:

  • id: Integer, primary key
  • username: Text, unique
  • full_name: String(50)
  • password: String(50)
  • rol_id: Integer, foreign key referencing tblRol.id_rol

• Role Schema:

  • id_rol
  • nombre_rol

• User Schema:

  • id
  • username
  • full_name
  • password
  • rol_id
  • rol

• /login_without_cookies: Authenticate without storing the token in cookies.
• /login_with_cookies: Authenticate and store the token in cookies.
• /logout_with_cookies: Log out and remove the token from cookies.
• /protected: Access a protected route (token can be in headers, cookies, JSON, or query string).
• /only_headers: Access a protected route with the token only in headers.

• Ensure that your MySQL server is running and the database is created.

• Customize the JWT secret key and database URI according to your security requirements.

• This project is intended as a basic demonstration and may need further enhancements for a production environment.

This project is licensed under the MIT License - see the LICENSE file for details.