Prateek Goyal

How to prevent generating new access tokens.

My problem is that when I hit the Login API it generates the access token and refresh token. But even when the tokens are valid, when I hit the API again the tokens are generated. I want to prevent that. How can I do that? Please help.
Note: I am not sending the token in the Login API request.

```python
from datetime import timedelta

from flask import jsonify, request
from flask.views import MethodView
from flask_jwt_extended import create_access_token, create_refresh_token
from werkzeug.security import check_password_hash

# User is the application's own SQLAlchemy model; its import path is not shown in the post.


class LoginView(MethodView):

    def post(self):
        body = request.form
        try:
            name = body.get('name')
            mobileNumber = body.get('mobileNumber')
            email = body.get('email')
            password = body.get('password')

            if not name:
                return jsonify({"error": "Name is required"}), 401

            # A missing password would make len(None) raise and surface as a 500.
            if not password or len(password) < 6:
                return jsonify({"error": "Password must be at least 6 characters long"}), 401

            if not email and not mobileNumber:
                return jsonify({"error": "Either email address or mobile number is required"}), 401

            # Look the user up by email and/or mobile number.
            if email:
                user = User.query.filter_by(email=email).first()
                if not user:
                    return jsonify({"error": "User does not exist, please register"}), 401

            if mobileNumber:
                user = User.query.filter_by(mobileNumber=mobileNumber).first()
                if not user:
                    return jsonify({"error": "User does not exist, please register"}), 401

            if user.name == name.capitalize():
                if check_password_hash(user.password, password):

                    # Generate access and refresh tokens.
                    # A fresh pair is minted on every successful call; nothing here
                    # checks whether an earlier pair is still valid.
                    access_token_expires = timedelta(minutes=30)  # Shorter expiry
                    refresh_token_expires = timedelta(days=1)  # Longer expiry
                    access_token = create_access_token(identity=user.public_id, expires_delta=access_token_expires)
                    refresh_token = create_refresh_token(identity=user.public_id, expires_delta=refresh_token_expires)

                    return jsonify({
                        'access_token': access_token,
                        'refresh_token': refresh_token
                    }), 201

                return jsonify({"error": "Wrong password entered"}), 401

            return jsonify({"error": "User name didn't match"}), 401

        except Exception as e:
            return jsonify({"error": str(e)}), 500
```
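
An added example, not part of the original post or the poster's code: because the login request carries no token, the server has to remember which token each user currently holds, and this stdlib-only registry does that, either refusing a second login while the first token is unexpired or, with `rotate=True`, replacing it so the older token stops validating. `SessionRegistry`, `Session`, the in-memory dict and the random `jti` strings are assumptions standing in for a shared store and the JWT's `jti` claim.

```python
import secrets
import time
from dataclasses import dataclass

ACCESS_TTL = 30 * 60  # seconds; mirrors the 30-minute access token in the post


@dataclass
class Session:
    jti: str            # unique token id; stands in for the JWT's "jti" claim
    expires_at: float   # absolute expiry, seconds since the epoch


class SessionRegistry:
    """Server-side record of the one live token per user (hypothetical helper)."""

    def __init__(self, rotate=False):
        self.rotate = rotate   # False: refuse re-login; True: replace the old token
        self.active = {}       # identity -> Session (in-memory only: an assumption)

    def login(self, identity, now=None):
        """Call only after the password check passes. Returns (status, jti)."""
        now = time.time() if now is None else now
        current = self.active.get(identity)
        if current and current.expires_at > now and not self.rotate:
            # A valid token already exists, so nothing new is minted.
            return "already_logged_in", None
        session = Session(secrets.token_urlsafe(16), now + ACCESS_TTL)
        # Overwriting the entry means any older jti no longer validates.
        self.active[identity] = session
        return "issued", session.jti

    def is_valid(self, identity, jti, now=None):
        """Check to run on every authenticated request."""
        now = time.time() if now is None else now
        current = self.active.get(identity)
        return (current is not None and current.jti == jti
                and current.expires_at > now)

    def logout(self, identity):
        """Forget the user's token so it is rejected before it expires."""
        self.active.pop(identity, None)
```

Refusing re-login locks out a user who has lost the token until it expires, which the rotation mode avoids.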
