Chapter 8. User Authentication

Most applications need to keep track of who its users are. When users connect with the application, they authenticate with it, a process by which they make their identity known. Once the application knows who the user is, it can offer a customized experience.

The most commonly used method of authentication requires users to provide a piece of identification (either their email or username) and a secret password. In this chapter, the complete authentication system for Flasky is created.

Authentication Extensions for Flask

There are many excellent Python authentication packages, but none of them do everything. The user authentication solution presented in this chapter uses several packages and provides the glue that makes them work well together. This is the list of packages that will be used:

  • Flask-Login: Management of user sessions for logged-in users
  • Werkzeug: Password hashing and verification
  • itsdangerous: Cryptographically secure token generation and verification

In addition to authentication-specific packages, the following general-purpose extensions will be used:

  • Flask-Mail: Sending of authentication-related emails
  • Flask-Bootstrap: HTML templates
  • Flask-WTF: Web forms

Password Security

The safety of user information stored in databases is often overlooked during the design of web applications. If an attacker is able to break into your server and access your user database, then you risk the security of your users, and the risk is bigger than you ...

Get Flask Web Development now with the O’Reilly learning platform.

O’Reilly members experience live online training, plus books, videos, and digital content from nearly 200 publishers.