Chapter 8. User Authentication
Most applications need to keep track of who their users are. When users connect with an application, they authenticate with it, a process by which they make their identity known. Once the application knows who the user is, it can offer a customized experience.
The most commonly used method of authentication requires users to provide a piece of identification, which is either their email address or username, and a secret only known to them, which is called the password. In this chapter, the complete authentication system for Flasky is created.
Authentication Extensions for Flask
There are many excellent Python authentication packages, but none of them do everything. The user authentication solution presented in this chapter uses several packages and provides the glue that makes them work well together. This is the list of packages that will be used, and what they’re used for:
-
Flask-Login: Management of user sessions for logged-in users
-
Werkzeug: Password hashing and verification
-
itsdangerous
: Cryptographically secure token generation and verification
In addition to authentication-specific packages, the following general-purpose extensions will be used:
-
Flask-Mail: Sending of authentication-related emails
-
Flask-Bootstrap: HTML templates
-
Flask-WTF: Web forms
Password Security
The safety of user information stored in databases is often overlooked during the design of web applications. If an attacker is able to break into your server ...
Get Flask Web Development, 2nd Edition now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.