Using Flask-Security to authenticate REST API

python rest flask flask-login flask-security
emillamm picture emillamm · May 29, 2014 · Viewed 8.1k times · Source

I am using Flask-Security to build a web app that has a public REST API. I am trying to figure out how to add user registration and login using REST calls only. It is fairly easy to create a user using user_datastore.create_user. But how can I then login the user, using a REST call?
If flask_security.utils.login_user took username+password or a token as an argument, it would be easy, but it takes a user object instead? The documentation shows how to register and login using forms and views, but I need to be able to register and login from an IOS device (using RESTkit).

Answer

Sean Vieira picture Sean Vieira · May 30, 2014

You will either want to use flask_security.decorators.auth_token_required along with SECURITY_TOKEN_AUTHENTICATION_KEY or SECURITY_TOKEN_AUTHENTICATION_HEADER (depending on whether you want to pass the token in the URL or in a header) or you can override flask_security.core.UserMixin.get_auth_token for your User class and Flask-Security will do the right thing.

Related questions

Flask example with POST

Suppose the following route which accesses an xml file to replace the text of a specific tag with a given xpath (?key=): @app.route('/resource', methods = ['POST']) def update_text(): # CODE Then, I would use cURL like this: curl …

Read More
How can I add a background thread to flask?

I'm busy writing a small game server to try out flask. The game exposes an API via REST to users. It's easy for users to perform actions and query data, however I'd like to service the "game world" outside the …

Read More
flask restful: passing parameters to GET request

I want to create a resource that supports GET request in following way: /bar?key1=val1&key2=val2 I tried this code, but it is not working app = Flask(__name__) api = Api(app) class BarAPI(Resource): def get(key1, …

Read More