Flask-Login mechanism for authentication token of my calls

Hi, I looked at Flask-Login; it does a great job of registering the session, and this works well for templates and views where I have access to the session.

However, I was trying to find out if there is a way that I can send a user_token to authorize the call. I looked at the documentation and it is very vague about it. It says I should

  • Implement get_auth_token in the User object.
  • Decorate a function with @user_loader, which can load the user token database.

I have seen at least the following (please correct me if I am wrong)

  • A cookie database for storing an authorization token is a way that I can decide to send a token as part of the parameters, body, or headers instead of retrieving it from a cookie.
  • I'm not quite sure how to authenticate a call with an auth token.
+7
3 answers

I found a way that suits me better. Basically, I extend LoginManager, which is quite easy: if you look at the source of the Flask plugin, you will see that there is a call registered with @before_request, and there is a reload_user method. This is what I do:

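    from flask import request, _request_ctx_stack
    from flask_login import LoginManager

    class CustomLoginManager(LoginManager):
        def reload_user(self):
            # Token path: User (the application's own model) is loaded from the header.
            if 'Authorization' in request.headers:
                ctx = _request_ctx_stack.top
                ctx.user = User.get(token=request.headers['Authorization'])
                return
            # No Authorization header: fall back to the session-based reload.
            super(CustomLoginManager, self).reload_user()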

If I pass the Authorization key in my header, then I will try to load the user with this key instead of using the session-based approach. Of course, I will need to add a new level of security to this approach by signing the key, but in general this is what I need.

Thanks to everyone.

By the way, you can override a bunch of other methods, and I highly recommend taking a look at the source of the plugin so that you can better understand what it does; it is 644 lines of code that are worth reading.

https://github.com/maxcountryman/flask-login/blob/master/flask_login.py

+9

It seems like you want something like OAuth instead of using Flask-Login. In case you do not know (quoting Wikipedia), OAuth is a protocol that uses tokens to access resources on behalf of the owner of the resource. Consider giving the user the ability to issue a valet key to certain parts of your site. Many sites, such as Google, Facebook, and Twitter, use OAuth to authenticate third-party clients to access certain user resources.

There is currently a split between the less flexible and less complex OAuth 1.0a and the more flexible but more complex OAuth 2.0. There are many libraries for OAuth 1.0a in Python, but fewer for OAuth 2.0. However, there is a choice for OAuth 2.0 if stability is not a major concern right now.

Flask-OAuth is available for the client if you are building with OAuth 1.0a, and it is supported by Armin, the creator of Flask, so you can be sure that it will not die. There is an extension for the provider called Flask-OAuthProvider with support for OAuth 1.0a. If you don't mind integrating it yourself and want to support 2.0, pyoauth2 provides you with both a client and a provider, although it seems less maintained.

Hope this helps you learn one of the possible ways to use auth tokens, albeit without using Flask-Login. In my opinion, you should not reinstall the protocol if you do not understand it, so I recommend reading about OAuth, even if you decide not to use it. There are many great articles on it, such as this article from Google and.

+5

As an update, Flask-Login now has a 'header_loader' function, which can be used in conjunction with the standard user_loader. Taken directly from the docs:

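    import base64

    @login_manager.header_loader
    def load_user_from_header(header_val):
        # Strip the scheme prefix if the client sent "Basic <value>".
        if header_val.startswith('Basic '):
            header_val = header_val.replace('Basic ', '', 1)
        try:
            header_val = base64.b64decode(header_val)
        except (TypeError, ValueError):
            # Python 3 raises binascii.Error (a ValueError); keep the raw value.
            pass
        return User.query.filter_by(api_key=header_val).first()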

Here is a link to the section in the Flask-Login docs

+1
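The first answer notes that the raw header key still needs signing, and the `header_loader` answer looks the key up as-is. The following is an added example, not code from the answers or from Flask-Login: an HMAC-signed, expiring token that either hook could verify before any user lookup. `SECRET_KEY`, `issue_token`, `verify_token` and the `user_id:expiry` payload layout are hypothetical names and assumptions, and the secret is a constructed value.

```python
import base64
import hashlib
import hmac
import time

# Assumption: a per-application secret loaded from configuration (constructed here).
SECRET_KEY = b"constructed-demo-secret-change-me"


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(user_id: str, ttl: int = 3600, now: float = None) -> str:
    """Return '<payload>.<signature>' where payload is 'user_id:expiry'."""
    expiry = int((time.time() if now is None else now) + ttl)
    payload = f"{user_id}:{expiry}".encode("utf-8")
    sig = hmac.new(SECRET_KEY, payload, hashlib.sha256).digest()
    return f"{_b64(payload)}.{_b64(sig)}"


def verify_token(header_val: str, now: float = None):
    """Return the user id for a valid, unexpired token, else None."""
    if header_val.startswith("Bearer "):
        header_val = header_val[len("Bearer "):]
    try:
        payload_b64, sig_b64 = header_val.split(".")
        payload, sig = _unb64(payload_b64), _unb64(sig_b64)
        user_id, expiry = payload.decode("utf-8").rsplit(":", 1)
        expiry = int(expiry)
    except (ValueError, TypeError):
        return None  # malformed header: treat the request as anonymous
    expected = hmac.new(SECRET_KEY, payload, hashlib.sha256).digest()
    # Constant-time comparison avoids leaking how many signature bytes matched.
    if not hmac.compare_digest(sig, expected):
        return None
    if (time.time() if now is None else now) >= expiry:
        return None
    return user_id
```

Inside a `reload_user` override or a `header_loader` function, the user would be loaded only when `verify_token` returns an id, so a forged or expired header never reaches the database query.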
