Flask-Stormpath Token Authentication

Question

Flask-Stormpath Token Authentication

I am trying to implement token authentication for my Rask API. I use Stormpath as my third-party authentication service.

I looked flask-stormpathbuilt on top flask-login. It looks like it uses password based authentication as they try to maintain a session on the server. In addition, the documentation does not provide me with enough information.

Do we have integration with storm token based authentication jars? If so, can someone give me some sample code.

I already went through stormpath/flask-stormpath-sampleon github, which again supports sessions on the server.

Literature:

https://stormpath.com ,

https://github.com/stormpath/stormpath-flask

+4

python flask oauth-2.0 stormpath

Vasif May 12, '16 at 7:20

source share

2 answers

Flask-Stormpath. - . ( ), , .

+2

rdegges 12 '16 16:56

Vasif · Accepted Answer · 2016-05-24T22:22:18+0000

So, this is how I use it now, while rdegges should not create this function in flask-stormpath.

You will need the latest python sdk to storm and upgrade it with func tools.

from stormpath.api_auth import (PasswordGrantAuthenticator, RefreshGrantAuthenticator, JwtAuthenticator)
from functools import wraps

You can create your application as such.

stormpathClient = Client(id=KEYS['STORMPATH_ID'], secret=KEYS['STORMPATH_SECRET'])
stormpathApp = stormpathClient.applications.search('your-application')[0]

This decorator will help you with fixing the end points.

def tokenRequired(func):
    """
        Decorator to apply on all routes which require tokens.
    """

    @wraps(func)
    def wrappingFunc():
        #check the auth header of the request for a bearer token.
        authHeader = request.headers.get('Authentication')

        #make sure that the string is a bearer type.
        if len(authHeader)<8 or (not authHeader[:7] == 'Bearer ') or (
                not authHeader):
            return Response("401 Unauthorized",401)
        authToken = authHeader[7:]

        try:
            authenticator = JwtAuthenticator(stormpathApp)
            authResult = authenticator.authenticate(authToken)
            request.vUser = authResult.account
        except:
            return Response("403 Forbidden",403)

        return func()

    return wrappingFunc

#Use this decorator like below.

@flaskApp.route('/secure-route',methods=['GET','POST'])
@tokenRequired
def secureEndpoint():

    # return JSON based response 
    return Response("This is secure Mr." + request.vUser.given_name   ,200)

Let me know in the comments if anyone wants to know a marker that gives out and refresh endpoints.

Flask-Stormpath Token Authentication

More articles: