All geek questions in one place

Using Flask-Security for REST API Authentication

I am using Flask-Security to build a web application with a public REST API. I am trying to figure out how to add user registration and login using only REST calls. Creating a user using user_datastore.create_user pretty simple. But how can I log in to a user using a REST call?
If flask_security.utils.login_user took the username + password or token as an argument, it would be easy, but instead, did it take the user object? The documentation shows how to register and log in using forms and submissions, but I need to be able to register and register from an iOS device (using RESTkit).

+6
source share
2 answers

You will either want to use flask_security.decorators.auth_token_required along with SECURITY_TOKEN_AUTHENTICATION_KEY or SECURITY_TOKEN_AUTHENTICATION_HEADER (depending on whether you want to pass the token in the URL or in the header), or you can redefine the flask_security.core.UserMixin.get_auth_token and Flask-Security will do it right.

+5
source

[Writing an answer because I do not have sufficient authority to comment on the answer of Sean Vieira]

I looked at the Flask-Security code for a bit - using the Flask-Login LoginManager for this. Flask-Login, in turn, expects the user to define token_loader (and also implements get_auth_token in the User class)

Does Flask-Security provide token_loader functionality by default? Otherwise, this is the same as Flask-Login.

Edit: Turns out Flask-Security is working fine. I do not need to write my own loader token. I had a security code in a separate file, and this is how the magic broke. I returned the security code to myapp / init .py - and the documented code "works"

Edit 2: See the answer provided by Sean above. I do not think this is one or the other. You need to use the auth_token_required decorator. Overriding get_auth_token in the User class is optional if you need another implementation to generate a token (I think) It is not enough to override get_auth_token in the User class.

+2
source

Source: https://habr.com/ru/post/970055/

More articles:


All Articles