Most applications need to keep track of who their users are. When users connect with an application, they authenticate with it, a process by which they make their identity known. Once the application knows who the user is, it can offer a customized experience.
The most commonly used method of authentication requires users to provide a piece of identification, which is either their email address or username, and a secret only known to them, which is called the password. In this chapter, the complete authentication system for Flasky is created.
There are many excellent Python authentication packages, but none of them do everything. The user authentication solution presented in this chapter uses several packages and provides the glue that makes them work well together. This is the list of packages that will be used, and what they’re used for:
Flask-Login: Management of user sessions for logged-in users
Werkzeug: Password hashing and verification
itsdangerous: Cryptographically secure token generation and verification
In addition to authentication-specific packages, the following general-purpose extensions will be used:
Flask-Mail: Sending of authentication-related emails
Flask-Bootstrap: HTML templates
Flask-WTF: Web forms
The safety of user information stored in databases is often overlooked during the design of web applications. If an attacker is able to break into your server ...