Scribd Logo
Upload

Welcome to Scribd!

  • QN A

    Uploaded by

    Tejas
    6 views3 pages

    Original Title

    QnA.txt

    Copyright

    © © All Rights Reserved

    Available Formats

    TXT, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document

    Copyright:

    © All Rights Reserved
    Download as TXT, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as txt, pdf, or txt
    6 views3 pages

    QN A

    Uploaded by

    Tejas

    Copyright:

    © All Rights Reserved
    Download as TXT, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as txt, pdf, or txt
    of 3

    Q.What is JWT?

    A. Json Web Token used for encoding and securely transmitting info.This info can be
    verified and trusted because it is digitally signed
    https://jwt.io/introduction/

    Q.How is it implemented here?

    We are doing is that with user IDs.(user.py)


    So a user is going to be an entity
    that has a unique identifying number
    and a username and a password.
    The user is going to send us a username and a password,
    and we're going to send them, the client really,
    a JWT and that JWT is going to be the user ID.
    When the client has the JWT
    they can send it to us with any request they make
    and when they do that it's going to tell us
    that they have previously authenticated,
    that means they are logged in.

    Q What are Requirements for Encryption?

    We need some sort of key for encryption,that is done by


    app.secret_key="ANY_SECRET_KEY".
    For production API,this has to be hidden

    Q userid_mapping:

    maps user id with the user details. Example:


    userid_mapping={
    1:
    {
    'id':1,
    'username':'harry',
    'password':'potter'}
    }
    in code we are representing as user objects instead of json

    Q Authenticate function:

    takes username,password
    gets user using user_mapping
    if passwords match, returns userNone as default

    Q identity function

    extracts userid from payload


    used to retrieve users

    Q using jwt in app.py

    from secrity.py we import identity , authentication


    jwt creates a new endpoint /auth
    when we call /auth , jwt sends it to authentication function
    after authentication we return user.
    auth endoint return a jwt token
    when we send it to next request ,(the jwt token) jwt calls identity
    function which then returns the username that was previously authenticated
    Q who creates http://127.0.0.1:5000/auth

    Jwt extension creates the endpoint by default

    1.Register at http://127.0.0.1:5000/register
    IN: give user details
    {

    "username":"kitten",
    "password":"1234"
    }
    OUT: user created successfully

    2.Authorize at http://127.0.0.1:5000/auth =>gives jwt


    IN: give details
    {
    "username":"kitten",
    "password":"1234"

    OUT:we get access token


    {
    "access_token":
    "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJleHAiOjE1NzQ2MTg1NjEsImlhdCI6MTU3NDYxODI2M
    SwibmJmIjoxNTc0NjE4MjYxLCJpZGVudGl0eSI6M30.10pWQ2IcFiPpmq8ncntNGaKJ2WlioFCqY2FElUPt
    l94"
    }

    3. create an item
    at POST http://127.0.0.1:5000/item/glass
    IN: {
    "price":56
    }
    OUT:
    {
    "name": "glass",
    "price": 56.0
    }

    4.Get all items at GET http://127.0.0.1:5000/items


    IN:nothing
    OUT:list of all items

    5.Get specific item


    IN: in headers: KEY=Authorization VALUE= JWT access_token

    OUT: item as json


    {
    "name": "bat",
    "price": 560.0
    }

    6.Delete item at DELETE http://127.0.0.1:5000/item/chair


    IN: in headers: KEY=Authorization VALUE= JWT access_token
    OUT:
    {
    "message": "Item deleted"
    }
    7. update item at PUT http://127.0.0.1:5000/item/bat

    IN:
    {
    "price":20.8
    }
    OUT:
    Item gets updated/created if doesnt exist
    {
    "name": "bat",
    "price": 20.8
    }

    You might also like