DEV Community: Prateek Goyal The latest articles on DEV Community by Prateek Goyal (@theprateekgoyal2). https://dev.to/theprateekgoyal2 https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F1218570%2Fe9d47e8c-34b4-494a-be6c-f8b2d1df4ddb.png DEV Community: Prateek Goyal https://dev.to/theprateekgoyal2 en How to prevent generating new access tokens. Prateek Goyal Wed, 15 May 2024 19:36:43 +0000 https://dev.to/theprateekgoyal2/how-to-prevent-generating-new-access-tokens-39ig https://dev.to/theprateekgoyal2/how-to-prevent-generating-new-access-tokens-39ig <p>My problem is that when I hit the Login API it generates the access token and refresh token. But even when the tokens are valid, when I hit the API again the tokens are generated. I want to prevent that how can I do that? Please help.<br> Note: I am not sending the token in the Login API request.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>class LoginView(MethodView): def post(self): body = request.form try: name = body.get('name') mobileNumber = body.get('mobileNumber') email = body.get('email') password = body.get('password') if not name: return jsonify({"error": "Name is required"}), 401 if len(password) &lt; 6: return jsonify({"error": "Password must be at least 6 characters long"}), 401 if not email and not mobileNumber: return jsonify({"error": "Either email address or mobile number is required"}), 401 if email: user = User.query.filter_by(email = email).first() if not user: return jsonify({"error": "User does not exist, please register"}), 401 if mobileNumber: user = User.query.filter_by(mobileNumber=mobileNumber).first() if not user: return jsonify({"error": "User doest not exist, please register"}), 401 if (user.name == name.capitalize()): if check_password_hash(user.password, password): # Generate access and refresh tokens access_token_expires = timedelta(minutes=30) # Shorter expiry refresh_token_expires = timedelta(days=1) # Longer expiry access_token = create_access_token(identity=user.public_id, expires_delta=access_token_expires) refresh_token = create_refresh_token(identity=user.public_id, expires_delta=refresh_token_expires) return jsonify({ 'access_token': access_token, 'refresh_token': refresh_token }), 201 return jsonify({"error": "Wrong password entered"}), 401 return jsonify({"error": "User name didn't match"}), 401 except Exception as e: return jsonify({"error": str(e)}), 500 </code></pre> </div> flask webdev python backenddevelopment