Flask Demo - 03

HTTP Basic Authentication

Simplicity: Basic Authentication is simple to implement, as it doesn't require additional libraries or infrastructure. It's part of the HTTP standard.
Suitability for Simple Use Cases: It's suitable for simple, internal applications or services where ease of implementation is more critical than advanced security features.
Limited Security: The credentials are only base64 encoded, not encrypted, making it less secure unless used with HTTPS. It's also more vulnerable to CSRF (Cross-Site Request Forgery) attacks.
Stateful: Basic Authentication is typically stateful, requiring the server to maintain session state, which can be a drawback in distributed systems.

python3 api_demo/flask_03_basic_auth_app.py

http://127.0.0.1:5003/items

`Other @auth decorators`

@auth.verify_password:

This decorator defines a function that verifies user credentials during authentication.

Example:

@auth.verify_password
def verify_password(username, password):
    # Check username and password, return username if authentication succeeds

auth.username():

After successful authentication, you can use auth.username() to retrieve the authenticated username within a route function.

Example:

@app.route('/profile')
@auth.login_required
def get_profile():
    username = auth.username()
    # Use the username to fetch user-specific data

@auth.login_required:

This decorator protects routes that require authentication. It ensures that only authenticated users can access the decorated route.

Example:

@app.route('/secure_data')
@auth.login_required
def secure_data():
    # Only authenticated users can access this route

@auth.error_handler:

You can define a custom error handler for authentication failures using this decorator. It allows you to handle authentication errors in a customized way.

Example:

@auth.error_handler
def unauthorized():
    return jsonify({"message": "Unauthorized access"}), 401

@auth.token_authentication:

If you want to implement token-based authentication, you can use this decorator to specify a function that verifies tokens.

Example:

@auth.token_authentication
def verify_token(token):
    # Check if the token is valid and return the associated user

@auth.get_password and @auth.get_user_roles:

These decorators allow you to customize how passwords and user roles are retrieved from your data source. They are useful for complex authentication systems.

Example:

@auth.get_password
def get_password(username):
    # Retrieve and return the password for the given username

Usage


users = {
    "user1": "password1",
    "user2": "password2"
}

user_roles = {
    "user1": ["admin"],
    "user2": ["user"]
}

@auth.get_password
def get_password(username):
    return users.get(username)

@auth.get_user_roles
def get_user_roles(user):
    return user_roles.get(user)

tokens = {
    "token1": "user1",
    "token2": "user2"
}

@auth.verify_token
def verify_token(token):
    if token in tokens:
        return tokens[token]

PreviousFlask Demo - 02 NextFlask Demo - 04

Last updated 1 year ago

users = { "user1": "password1", "user2": "password2" } user_roles = { "user1": ["admin"], "user2": ["user"] } @auth.get_password def get_password(username): return users.get(username) @auth.get_user_roles def get_user_roles(user): return user_roles.get(user) tokens = { "token1": "user1", "token2": "user2" } @auth.verify_token def verify_token(token): if token in tokens: return tokens[token]