Add custom claims examples

Author: vimalloc

README.md

@@ -72,6 +72,55 @@ $ curl --write-out "%{http_code}\n" -H "Authorization: Bearer $ACCESS" http://lo
 ```
 However, this is only the tip of the iceberg for what we can do
 
+
+### Adding Custom Claims to the Access Token
+You may want to store additional information in the access token. Perhaps you want
+to save the access roles this user has so you can access them in the view functions
+(without having to make a database call each time). This can be done with the 
+user_claims_loader, and access with the 'get_jwt_claims()' method in a protected endpoint
+```python
+from flask import Flask, jsonify, request
+from flask_jwt_extended import JWTManager, jwt_required, create_access_token, \
+    get_jwt_claims
+
+app = Flask(__name__)
+app.secret_key = 'super-secret'  # Change this!
+jwt = JWTManager(app)
+
+
+@jwt.user_claims_loader
+def add_claims_to_access_token(identity):
+    # These must be json serializable
+    return {
+        'hello': identity,
+        'foo': ['bar', 'baz']
+    }
+
+
+@app.route('/login', methods=['POST'])
+def login():
+    username = request.json.get('username', None)
+    password = request.json.get('password', None)
+    if username != 'test' and password != 'test':
+        return jsonify({"msg": "Bad username or password"}), 401
+
+    ret = {'access_token': create_access_token(username)}
+    return jsonify(ret), 200
+
+
+@app.route('/protected', methods=['GET'])
+@jwt_required
+def protected():
+    claims = get_jwt_claims()
+    return jsonify({
+        'hello_is': claims['hello'],
+        'foo_is': claims['foo']
+    }), 200
+
+if __name__ == '__main__':
+    app.run()
+```
+
 ### Refresh Tokens
 Flask-JWT-Extended supports [refresh tokens] (https://auth0.com/blog/refresh-tokens-what-are-they-and-when-to-use-them/)
 out of the box. These are longer lived token which cannot access a jwt_required protected
@@ -271,9 +320,6 @@ The available loader functions are:
 * needs_fresh_token_loader
 * revoked_token_loader  (see Blacklist and Token Revoking bellow)
 
-### Adding Custom Claims to the Access Token
-TODO
-
 ### Options
 TODO
 

examples/additional_data_in_access_token.py

@@ -0,0 +1,40 @@
+from flask import Flask, jsonify, request
+from flask_jwt_extended import JWTManager, jwt_required, create_access_token, \
+    get_jwt_claims
+
+app = Flask(__name__)
+app.secret_key = 'super-secret'  # Change this!
+jwt = JWTManager(app)
+
+
+@jwt.user_claims_loader
+def add_claims_to_access_token(identity):
+    # These must be json serializable
+    return {
+        'hello': identity,
+        'foo': ['bar', 'baz']
+    }
+
+
+@app.route('/login', methods=['POST'])
+def login():
+    username = request.json.get('username', None)
+    password = request.json.get('password', None)
+    if username != 'test' and password != 'test':
+        return jsonify({"msg": "Bad username or password"}), 401
+
+    ret = {'access_token': create_access_token(username)}
+    return jsonify(ret), 200
+
+
+@app.route('/protected', methods=['GET'])
+@jwt_required
+def protected():
+    claims = get_jwt_claims()
+    return jsonify({
+        'hello_is': claims['hello'],
+        'foo_is': claims['foo']
+    }), 200
+
+if __name__ == '__main__':
+    app.run()