How to prevent generating new access tokens.
Prateek Goyal
Posted on May 15, 2024
My problem is that when I hit the Login API it generates the access token and refresh token. But even when the tokens are valid, when I hit the API again the tokens are generated. I want to prevent that how can I do that? Please help.
Note: I am not sending the token in the Login API request.
class LoginView(MethodView):
def post(self):
body = request.form
try:
name = body.get('name')
mobileNumber = body.get('mobileNumber')
email = body.get('email')
password = body.get('password')
if not name:
return jsonify({"error": "Name is required"}), 401
if len(password) < 6:
return jsonify({"error": "Password must be at least 6 characters long"}), 401
if not email and not mobileNumber:
return jsonify({"error": "Either email address or mobile number is required"}), 401
if email:
user = User.query.filter_by(email = email).first()
if not user:
return jsonify({"error": "User does not exist, please register"}), 401
if mobileNumber:
user = User.query.filter_by(mobileNumber=mobileNumber).first()
if not user:
return jsonify({"error": "User doest not exist, please register"}), 401
if (user.name == name.capitalize()):
if check_password_hash(user.password, password):
# Generate access and refresh tokens
access_token_expires = timedelta(minutes=30) # Shorter expiry
refresh_token_expires = timedelta(days=1) # Longer expiry
access_token = create_access_token(identity=user.public_id, expires_delta=access_token_expires)
refresh_token = create_refresh_token(identity=user.public_id, expires_delta=refresh_token_expires)
return jsonify({
'access_token': access_token,
'refresh_token': refresh_token
}), 201
return jsonify({"error": "Wrong password entered"}), 401
return jsonify({"error": "User name didn't match"}), 401
except Exception as e:
return jsonify({"error": str(e)}), 500
💖 💪 🙅 🚩
Prateek Goyal
Posted on May 15, 2024
Join Our Newsletter. No Spam, Only the good stuff.
Sign up to receive the latest update from our blog.