Customising the token
The token used to authenticate requests is generated by Quart-Auth’s
QuartAuth class and can be customised. The serializer class itself
is customisable and can be changed via the
QuartAuth.serializer_class
attribute. In addition the
serialization and deserialization methods can be changed to fully
customise the token usage.
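For example, to log when a user attempts to use an expired token, the following can be used. The expired token's payload is read only to write the log entry; the method still returns None, so the expired token is not accepted: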
import logging
from typing import Optional

from itsdangerous import BadSignature, SignatureExpired, URLSafeTimedSerializer
from quart import current_app, Quart
from quart_auth import _get_config_or_default, QuartAuth
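log = logging.getLogger(__name__)


class CustomQuartAuth(QuartAuth):
    """QuartAuth variant that logs attempts to use an expired token."""

    def load_token(self, token: str, app: Optional[Quart] = None) -> Optional[str]:
        """Return the value stored in *token*, or None if the token is rejected.

        Args:
            token: The serialized token presented with the request.
            app: The application whose secret key and config are used;
                defaults to ``current_app``.

        Returns:
            The deserialized payload when the signature is valid and the
            token is younger than ``QUART_AUTH_DURATION``; otherwise None.
            An expired token is logged at warning level before None is
            returned.
        """
        if app is None:
            app = current_app

        # NOTE(review): a token can only be read back with the same
        # serializer class and signer settings that wrote it. If
        # QuartAuth.serializer_class is not URLSafeTimedSerializer in the
        # installed quart_auth version, construct that class here instead.
        serializer = URLSafeTimedSerializer(
            app.secret_key,
            _get_config_or_default("QUART_AUTH_SALT", app),
        )
        max_age = _get_config_or_default("QUART_AUTH_DURATION", app)
        try:
            return serializer.loads(token, max_age=max_age)
        except SignatureExpired:
            # Must be handled before BadSignature, which is its base class.
            # loads_unsafe returns (signature_valid, payload), so the payload
            # is the second element. itsdangerous raises SignatureExpired only
            # after the signature itself has verified, but the decoded value is
            # still used for the log line alone and is never returned.
            _, auth_id = serializer.loads_unsafe(token, max_age=max_age)
            log.warning("An expired token was used with auth_id=%s", auth_id)
            return None
        except BadSignature:
            # Tampered, malformed or wrongly keyed token: reject it without
            # decoding or logging its contents.
            return None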