Teaching you how to set up a framework for requesting new access tokens using Python decorators

Jonathan Hsu
Aug 21 · 2 min read

When I was creating a wrapper for the iFormBuilder API, which uses JWT for authentication, I began to run into challenges with longer scripts that extended beyond the expiration of a single JWT.

To elegantly solve this, I used decorators to check the token’s expiration and request a new token if necessary. This article goes over the framework I set up so that you can apply a similar mechanism in your own scripts.

Setting the Scene

To get started, I’ve outlined all the parts needed to set up our token-refreshing framework.

Our class will work by requiring the fields necessary to request the JWT. Without access, there is nothing more our class will do.

Writing the Access Token Function

Fleshing out getAccessToken() is going to be dependent on whatever API you are trying to interact with. For that reason, I won’t include any code constructing and executing the JWT request.

I highly recommend using a try/except/else along with raise_for_status() for requesting the access token. As we’re working with APIs, the request can fail and not return an access token but it can be successful in the eyes of Python.

Writing the Initialization Function

The __init__() function will be executed whenever we create a new instance of our myAPI class. What we want to do in this function is request an access token and, if successful, set the expiration time.

We make the assumption that the access token should be returned and stored in self.access_token, so, if the value is None after the request, we raise an exception.

Otherwise, we set the expiration time for our access token. I like to give the class a small buffer, so if my token expires in one hour (3,600 seconds) I’m going to set the expiration for 3,500 seconds.

Writing the Decorator Class and Function

Decorators are an easy way of wrapping a function within another.

If you’re not familiar with decorators, I would recommend checking out the primer on Real Python. For our API class, we want to wrap all API functions with an access token check-and-refresh.

Putting It All Together and Using the Decorator

Now that we’re all set, it’s time to create a new function that will use the decorator. All you need to do is put @Decorators.refreshToken above any functions that will make an API request.

I’ve put the code all together along with an empty sample function at the end.

I hope you enjoyed this tutorial and it serves you well. This intelligent refresh mechanism is far superior to arbitrarily requesting new JWTs mid-script.

Better Programming

Advice for programmers.

Jonathan Hsu

Written by

I’m a black belt problem-solver (literally) who likes to share his process. I enjoy the taking on new challenges and building mastery for tomorrow. 🥋

Better Programming

Advice for programmers.

Welcome to a place where words matter. On Medium, smart voices and original ideas take center stage - with no ads in sight. Watch
Follow all the topics you care about, and we’ll deliver the best stories for you to your homepage and inbox. Explore
Get unlimited access to the best stories on Medium — and support writers while you’re at it. Just $5/month. Upgrade