The User Logout Mechanism
The Flask-JWT-Extended package supports the logout function. The way it works is to put the token into a blacklist when the user is logged out. A blacklist is basically a blocklist; it is an access control mechanism. Things (for example, emails, tokens, IDs, and so on) on the list will be denied access. With the blacklist in place, the application can use
token_in_blacklist_loader to verify whether the user has logged out or not:
Figure 4.16: The user logout mechanism using a blacklist
In the next exercise, we want you to try implementing this logout function. It will test your understanding of the login and logout flow.
Exercise 31: Implementing the Logout Function
In this exercise, we will implement the logout function. We will first declare a
black_list to store all the logged-out access tokens. Later, when the user wants to visit the access-controlled API endpoints, we will first check whether the access token is still valid...