DEV Community

Prateek Goyal

How to prevent generating new access tokens.

My problem is that when I hit the Login API, it generates the access token and refresh token. But even when the tokens are valid, when I hit the API again, the tokens are generated again. I want to prevent that. How can I do that? Please help.
Note: I am not sending the token in the Login API request.

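# Imports assumed from the calls used below; create_access_token and
# create_refresh_token match the Flask-JWT-Extended signatures.
from datetime import timedelta

from flask import jsonify, request
from flask.views import MethodView
from flask_jwt_extended import create_access_token, create_refresh_token
from werkzeug.security import check_password_hash

# User is the application's SQLAlchemy model, defined elsewhere.

class LoginView(MethodView):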

    def post(self):
        body = request.form
        try:
            name = body.get('name')
            mobileNumber = body.get('mobileNumber')
            email = body.get('email')
            password = body.get('password')


            if not name:
                return jsonify({"error": "Name is required"}), 401

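            # A missing password field is None; reject it here instead of
            # letting len(None) raise and fall through to the 500 handler.
            if not password or len(password) < 6: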
                return jsonify({"error": "Password must be at least 6 characters long"}), 401

            if not email and not mobileNumber:
                return jsonify({"error": "Either email address or mobile number is required"}), 401

            if email:
                user = User.query.filter_by(email = email).first()
                if not user:
                    return jsonify({"error": "User does not exist, please register"}), 401

            if mobileNumber:
                user = User.query.filter_by(mobileNumber=mobileNumber).first()
                if not user:
                    return jsonify({"error": "User does not exist, please register"}), 401

            if (user.name == name.capitalize()):
                if check_password_hash(user.password, password):

                    # Generate access and refresh tokens
                    access_token_expires = timedelta(minutes=30) # Shorter expiry
                    refresh_token_expires = timedelta(days=1) # Longer expiry
                    access_token = create_access_token(identity=user.public_id, expires_delta=access_token_expires)
                    refresh_token = create_refresh_token(identity=user.public_id, expires_delta=refresh_token_expires)

                    return jsonify({
                        'access_token': access_token,
                        'refresh_token': refresh_token
                    }), 201

                return jsonify({"error": "Wrong password entered"}), 401

            return jsonify({"error": "User name didn't match"}), 401

        except Exception as e:
            return jsonify({"error": str(e)}), 500
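
One way to get the behaviour asked for above when the client does not send its token: record the last pair issued per user on the server and hand it back while the access token is still valid. This is an added example, not part of the original post; `TokenRegistry`, `IssuedPair` and the random opaque strings standing in for `create_access_token` / `create_refresh_token` are hypothetical.

```python
import secrets
import time
from dataclasses import dataclass

ACCESS_TTL = 30 * 60        # seconds, mirrors timedelta(minutes=30) in the post
REFRESH_TTL = 24 * 60 * 60  # seconds, mirrors timedelta(days=1) in the post


@dataclass
class IssuedPair:
    access_token: str
    refresh_token: str
    access_expires_at: float
    refresh_expires_at: float


class TokenRegistry:
    """Hypothetical in-memory record of the last token pair issued per user.

    mint_access / mint_refresh stand in for create_access_token and
    create_refresh_token; by default they return random opaque strings.
    """

    def __init__(self, mint_access=None, mint_refresh=None, clock=time.time):
        self._mint_access = mint_access or (lambda uid: secrets.token_urlsafe(32))
        self._mint_refresh = mint_refresh or (lambda uid: secrets.token_urlsafe(32))
        self._clock = clock
        self._by_user = {}

    def issue_or_reuse(self, user_id):
        """Call only after the password check has passed.

        Returns (pair, created): the stored pair while its access token is
        still unexpired, otherwise a freshly minted pair.
        """
        now = self._clock()
        pair = self._by_user.get(user_id)
        if pair is not None and pair.access_expires_at > now:
            return pair, False
        pair = IssuedPair(self._mint_access(user_id), self._mint_refresh(user_id),
                          now + ACCESS_TTL, now + REFRESH_TTL)
        self._by_user[user_id] = pair
        return pair, True

    def revoke(self, user_id):
        """Forget the stored pair so the next login mints a new one."""
        self._by_user.pop(user_id, None)
```

Issuing a fresh pair on every successful login is the normal behaviour of a login endpoint; this registry trades that for a server-side store of live bearer tokens, which then needs the same protection as the password table. A process-local dict does not survive restarts or span multiple workers, so a shared store is assumed in deployment.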