Flask-HttpAuth and Sign-In

I am creating a small REST service. I am looking for various authentication methods. For sites, I used the Flask-Login module. It seems to be session-based authentication. The Flask-HttpAuth module provides HTTP and digest authentication methods. I am a bit confused. Do they complement each other? What is better to use for what reason?

Thanks.

+6
3 answers

For the REST service, you do not need Flask-Login. Typically, in web services, you do not store client state (as Flask-Login does); instead, you authenticate each request. Flask-HTTPAuth does this for you.

You would use both options only if you have an application with a web component and a REST API component. In this case, Flask-Login will handle web application routes, and Flask-HTTPAuth will handle API routes.

Disclaimer: I am the author of Flask-HTTPAuth.

+28

Yes, they complement each other.

You can also take a look at Flask-Security, an all-in-one lib:

https://pythonhosted.org/Flask-Security/

  • Session Based Authentication
  • Role management
  • Password encryption
  • Basic HTTP Authentication
  • Token based authentication.
  • Token-based account activation (optional)
  • Token based password recovery / reset (optional)
  • User registration (optional)
  • Login Tracking (optional)
  • JSON / Ajax Support
+1

You can configure Basic Auth for Flask in a very simple way, without additional modules, using decorators.

Take a look at: http://flask.pocoo.org/snippets/8/.

With Flask-RESTful, add method_decorators = [required_auth] to the attributes of the Resource class.

You can expand the snippet above to, for example, get a custom search from the database.

Note that in the REST architecture, requests are stateless: you do not use sessions, but send identification tokens with each request (see http://broadcast.oreilly.com/2009/12/principles-for-standardized-rest-authentication.html).

+1

Source: https://habr.com/ru/post/976156/
