Flask Demo - 03
HTTP Basic Authentication
Simplicity: Basic Authentication is simple to implement, as it doesn't require additional libraries or infrastructure. It's part of the HTTP standard.
Suitability for Simple Use Cases: It's suitable for simple, internal applications or services where ease of implementation is more critical than advanced security features.
Limited Security: The credentials are only base64 encoded, not encrypted, so anyone who can read the Authorization header (on the wire, in a proxy log, in a browser cache) recovers the password directly. Use it only over HTTPS. Browsers also cache the credentials and resend them automatically on every request to the same realm, which makes Basic Authentication vulnerable to CSRF (Cross-Site Request Forgery) unless the API adds its own CSRF defence.
Stateless: Basic Authentication is stateless, because the client resends the credentials with every request and the server keeps no session. That is convenient in distributed systems, but the flip side is that there is no server-side logout, and the password is exposed on every request rather than once at login.
python3 api_demo/flask_03_basic_auth_app.py
http://127.0.0.1:5003/items
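To make the "encoded, not encrypted" and "stateless" points concrete, here is an added example (not code from the demo app or from Flask-HTTPAuth) that does by hand what a Basic Authentication server does on every request: it builds the client header, parses it back (which shows the plaintext password comes straight out), and verifies it against a salted PBKDF2 hash with a constant-time comparison, answering 401 with a WWW-Authenticate challenge when the check fails. The user names match the demo's users dict; the realm name, the iteration count and the response bodies are assumptions.

```python
import base64
import binascii
import hashlib
import hmac
import os

REALM = "api_demo"  # assumed realm name for the WWW-Authenticate challenge


def build_basic_header(username, password):
    """What the client sends: base64 of 'username:password'. Encoding, not encryption."""
    creds = f"{username}:{password}".encode("utf-8")
    return "Basic " + base64.b64encode(creds).decode("ascii")


def parse_basic_header(header):
    """Return (username, password) from an Authorization header, or None if it is not valid Basic auth."""
    if not header:
        return None
    scheme, _, value = header.strip().partition(" ")
    if scheme.lower() != "basic" or not value:
        return None
    try:
        decoded = base64.b64decode(value.strip(), validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None
    if ":" not in decoded:
        return None
    # Split on the first colon only: user names cannot contain ':', but passwords can
    username, _, password = decoded.partition(":")
    return username, password


def hash_password(password, salt=None, iterations=100_000):
    """Store a salted PBKDF2-SHA256 digest instead of the plaintext password.
    100k iterations keeps this demo fast; use a much higher count in production."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return {"salt": salt, "iterations": iterations, "digest": digest}


def verify_password(record, password):
    """Recompute the digest and compare in constant time to avoid a timing side channel."""
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), record["salt"], record["iterations"]
    )
    return hmac.compare_digest(candidate, record["digest"])


# Constructed demo users (same names as the page's users dict); only hashes are kept in memory
USERS = {
    "user1": hash_password("password1"),
    "user2": hash_password("password2"),
}
# Dummy record so an unknown user name costs the same time as a wrong password
_DUMMY = hash_password("dummy-password")


def authenticate(headers):
    """Server-side check, the equivalent of what @auth.login_required does.
    Returns (status, body, extra_headers)."""
    challenge = {"WWW-Authenticate": f'Basic realm="{REALM}"'}
    creds = parse_basic_header(headers.get("Authorization"))
    if creds is None:
        return 401, {"message": "Unauthorized access"}, challenge
    username, password = creds
    record = USERS.get(username, _DUMMY)
    if not (verify_password(record, password) and username in USERS):
        return 401, {"message": "Unauthorized access"}, challenge
    return 200, {"user": username}, {}


if __name__ == "__main__":
    header = build_basic_header("user1", "password1")
    print(header)
    print(parse_basic_header(header))  # the plaintext password comes straight back
    print(authenticate({"Authorization": header}))
    print(authenticate({}))
```

parse_basic_header(build_basic_header(...)) returning the original password is the whole argument for HTTPS: without TLS every hop on the path can do the same decode. The dummy record and hmac.compare_digest are the two details a hand-rolled verifier most often gets wrong.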
Other @auth decorators
@auth.verify_password: This decorator registers the function that checks the username and password sent by the client. Return the authenticated user (the username or a user object) on success and None on failure; Flask-HTTPAuth then exposes the returned value through auth.current_user(). Because your function does the comparison, it can check the password against a stored hash instead of a plaintext password.
Example:
@auth.verify_password
def verify_password(username, password):
    # Check username and password; return the user on success, None on failure.
    # Demo lookup against the plaintext users dict; real code compares a password hash.
    if username in users and users[username] == password:
        return username
    return None
auth.username(): After successful authentication, call auth.username() inside a route function to retrieve the username from the request's Authorization header. auth.current_user() returns whatever verify_password returned, which is more useful when that is a user object rather than a name.
Example:
@app.route('/profile')
@auth.login_required
def get_profile():
    username = auth.username()
    # Use the username to fetch user-specific data
    return jsonify({"user": username})
@auth.login_required: This decorator protects routes that require authentication. It ensures that only authenticated users can access the decorated route; unauthenticated requests get a 401 response with a WWW-Authenticate challenge. Place it below @app.route so the route registers the protected function. With @auth.get_user_roles defined, @auth.login_required(role='admin') additionally restricts the route to users holding that role (403 otherwise).
Example:
@app.route('/secure_data')
@auth.login_required
def secure_data():
    # Only authenticated users can access this route
    return jsonify({"data": "secret"})
@auth.error_handler: You can define a custom error handler for authentication failures using this decorator. The handler may take an optional status argument (401 for missing or bad credentials, 403 when an authenticated user lacks the required role); the response it returns is sent to the client, and Flask-HTTPAuth adds the WWW-Authenticate header if the handler did not.
Example:
@auth.error_handler
def unauthorized():
    return jsonify({"message": "Unauthorized access"}), 401
@auth.verify_token: Token-based authentication uses a separate HTTPTokenAuth instance (for example token_auth = HTTPTokenAuth(scheme='Bearer')), whose @verify_token decorator registers the function that validates the token from the Authorization header. Flask-HTTPAuth has no token_authentication decorator. Return the user on success and None on failure, exactly as with verify_password.
Example:
@token_auth.verify_token
def verify_token(token):
    # Check if the token is valid and return the associated user, or None
    return tokens.get(token)
@auth.get_password and @auth.get_user_roles: @auth.get_password returns the stored password for a username and Flask-HTTPAuth performs the comparison itself, so it only works with plaintext passwords unless you also register an @auth.hash_password callback that hashes the client's password the same way. Prefer @auth.verify_password when passwords are stored hashed. @auth.get_user_roles returns the roles of the authenticated user and is what makes @auth.login_required(role=...) work.
Example:
@auth.get_password
def get_password(username):
    # Retrieve and return the stored password for the given username; Flask-HTTPAuth compares it
    return users.get(username)
Usage
from flask import Flask, jsonify
from flask_httpauth import HTTPBasicAuth, HTTPTokenAuth
app = Flask(__name__)
auth = HTTPBasicAuth()
token_auth = HTTPTokenAuth(scheme='Bearer')
# Demo only: plaintext passwords and static tokens. Store password hashes and random tokens in real code.
users = {
    "user1": "password1",
    "user2": "password2"
}
user_roles = {
    "user1": ["admin"],
    "user2": ["user"]
}
@auth.get_password
def get_password(username):
    return users.get(username)
@auth.get_user_roles
def get_user_roles(user):
    # With get_password, the authenticated user is the username string
    return user_roles.get(user)
tokens = {
    "token1": "user1",
    "token2": "user2"
}
@token_auth.verify_token
def verify_token(token):
    if token in tokens:
        return tokens[token]
@app.route('/items')
@auth.login_required(role='admin')
def items():
    # Basic auth plus role check: user2 gets 403, user1 gets through
    return jsonify({"user": auth.current_user(), "roles": get_user_roles(auth.current_user())})
@app.route('/token_items')
@token_auth.login_required
def token_items():
    # Send: Authorization: Bearer token1
    return jsonify({"user": token_auth.current_user()})
if __name__ == '__main__':
    app.run(port=5003)