
Flask login mechanism to authenticate per token my calls

Hi, I was looking at flask-login and it handles the session login nicely; this works well for templating and views where I have access to the session.

Nevertheless, I have been trying to know if there is a way I can send a user_token to authorize a call. I looked at the documentation and it is very vague regarding this. It said that I should

  • Implement get_auth_token in my User object.
  • Decorate a @user_loader function that can load the user token-based.

I have, though, seen the following (please correct me if I am wrong):

  • Cookie-based storage of the auth token: is there a way I can decide to send the token as part of the parameters, body or in the headers instead of having to get it from the cookie?
  • I am not quite sure how to authenticate a call with an auth token.
Necronet asked Jan 15 '13 10:01


1 Answer

I got a way better approach that fits my needs better. Basically I extend LoginManager, which is pretty easy and straightforward. If you take a look at the source of flask-plugin you come to realize that there is a call that is made @before_request; there is a method called reload_user. This is what I ended up doing:

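from flask import request, _request_ctx_stack
from flask_login import LoginManager

class CustomLoginManager(LoginManager):
    def reload_user(self):
        # If the request carries an Authorization header, load the user from
        # that token instead of the session. User is the application's own model.
        if 'Authorization' in request.headers:
            ctx = _request_ctx_stack.top
            ctx.user = User.get(token=request.headers['Authorization'])
            return
        # No header: fall back to the default session-based loading.
        super(CustomLoginManager, self).reload_user()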

If I pass an Authorization key in my header, then I will try to load the user using this key instead of the session-based approach. Of course, I am going to need to add more security layers to this approach, probably by signing the key, but overall this was what I needed.

Thanks all.

BTW, you can override a bunch of other methods, and I highly recommend taking a look at the plugin source so you can understand more deeply what it does: 644 lines of code worth reading.

https://github.com/maxcountryman/flask-login/blob/master/flask_login.py

Necronet answered Nov 22 '22 02:11
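
The answer above leaves "signing the key" as a follow-up. One way to do it with only the standard library, as an added example that is not part of the original answer or of Flask-Login: the token carries the user id and issue time plus an HMAC-SHA256 signature, and the header check returns None whenever the token is missing, malformed, forged or expired, so the caller can fall back to the session. The secret, the one-hour lifetime, the "Bearer" scheme and all function names are assumptions.

```python
import base64, hashlib, hmac, time

SECRET_KEY = b"constructed-demo-secret"  # assumption: comes from server config in practice
MAX_AGE = 3600                           # assumption: token lifetime in seconds

def b64e(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64d(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(payload):
    return hmac.new(SECRET_KEY, payload, hashlib.sha256).digest()

def make_token(user_id, now=None):
    """Issue '<payload>.<signature>', payload being 'user_id:issued_at'."""
    issued = int(time.time() if now is None else now)
    payload = f"{user_id}:{issued}".encode()
    return b64e(payload) + "." + b64e(sign(payload))

def verify_token(token, now=None):
    """Return the user id if signature and age check out, else None."""
    try:
        payload_b64, sig_b64 = token.split(".")
        payload, sig = b64d(payload_b64), b64d(sig_b64)
        user_id, issued = payload.decode().rsplit(":", 1)
        issued = int(issued)
    except (ValueError, UnicodeDecodeError):
        return None                      # malformed token
    if not hmac.compare_digest(sig, sign(payload)):
        return None                      # forged or tampered (constant-time compare)
    now = time.time() if now is None else now
    if not 0 <= now - issued <= MAX_AGE:
        return None                      # expired or issued in the future
    return user_id

def user_id_from_headers(headers):
    """Verify 'Authorization: Bearer <token>'; None means use the session instead."""
    scheme, _, token = headers.get("Authorization", "").partition(" ")
    if scheme.lower() != "bearer" or not token:
        return None
    return verify_token(token.strip())
```

In a reload_user override like the one above, the user would be loaded only when user_id_from_headers(request.headers) returns an id.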