> For the complete documentation index, see [llms.txt](https://gchandra.gitbook.io/big-data-and-tools-with-nosql/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://gchandra.gitbook.io/big-data-and-tools-with-nosql/data-format/python/flask-demo-03.md). # Flask Demo - 03 ### HTTP Basic Authentication 1. **Simplicity:** Basic Authentication is simple to implement, as it doesn't require additional libraries or infrastructure. It's part of the HTTP standard. 2. **Suitability for Simple Use Cases:** It's suitable for simple, internal applications or services where ease of implementation is more critical than advanced security features. 3. **Limited Security:** The credentials are only base64 encoded, not encrypted, making it less secure unless used with HTTPS. It's also more vulnerable to CSRF (Cross-Site Request Forgery) attacks. 4. **Stateful:** Basic Authentication is typically stateful, requiring the server to maintain session state, which can be a drawback in distributed systems. ```bash python3 api_demo/flask_03_basic_auth_app.py http://127.0.0.1:5003/items ``` ### **`Other @auth decorators`** **`@auth.verify_password`**: * This decorator defines a function that verifies user credentials during authentication. * Example: ```python @auth.verify_password def verify_password(username, password): # Check username and password, return username if authentication succeeds ``` **`auth.username()`**: * After successful authentication, you can use `auth.username()` to retrieve the authenticated username within a route function. * Example: ```python @app.route('/profile') @auth.login_required def get_profile(): username = auth.username() # Use the username to fetch user-specific data ``` **`@auth.login_required`**: * This decorator protects routes that require authentication. It ensures that only authenticated users can access the decorated route. * Example: ```python @app.route('/secure_data') @auth.login_required def secure_data(): # Only authenticated users can access this route ``` **`@auth.error_handler`**: * You can define a custom error handler for authentication failures using this decorator. It allows you to handle authentication errors in a customized way. * Example: ```python @auth.error_handler def unauthorized(): return jsonify({"message": "Unauthorized access"}), 401 ``` **`@auth.token_authentication`**: * If you want to implement token-based authentication, you can use this decorator to specify a function that verifies tokens. * Example: ```python @auth.token_authentication def verify_token(token): # Check if the token is valid and return the associated user ``` **`@auth.get_password` and `@auth.get_user_roles`**: * These decorators allow you to customize how passwords and user roles are retrieved from your data source. They are useful for complex authentication systems. * Example: ```python @auth.get_password def get_password(username): # Retrieve and return the password for the given username ``` ### Usage ```python users = { "user1": "password1", "user2": "password2" } user_roles = { "user1": ["admin"], "user2": ["user"] } @auth.get_password def get_password(username): return users.get(username) @auth.get_user_roles def get_user_roles(user): return user_roles.get(user) tokens = { "token1": "user1", "token2": "user2" } @auth.verify_token def verify_token(token): if token in tokens: return tokens[token] ``` --- # Agent Instructions This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com. ## Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://gchandra.gitbook.io/big-data-and-tools-with-nosql/data-format/python/flask-demo-03.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.