Home >Backend Development >Python Tutorial >Flask-RESTful and Flask-HTTPAuth: Best practices for user authentication and authorization in Python web applications
With the popularity of web applications, user authentication and authorization have become increasingly important. These features protect sensitive data and important functionality in web applications so that only authorized users can access them. The Python language provides many libraries and frameworks that make it easier to implement user authentication and authorization in web applications. This article will introduce two Python libraries: Flask-RESTful and Flask-HTTPAuth, which are best practices for implementing authentication and authorization in web applications.
pip install Flask pip install Flask-RESTful pip install Flask-HTTPAuth
Next, you need to import Flask-RESTful and Flask-HTTPAuth into the Flask application:
from flask import Flask from flask_restful import Api, Resource from flask_httpauth import HTTPBasicAuth app = Flask(__name__) api = Api(app) auth = HTTPBasicAuth()
Then, a registered user can be created for authentication:
users = { "john": "hello", "susan": "bye" } @auth.get_password def get_password(username): if username in users: return users.get(username) return None
A simple user dictionary (username and password) is defined here and passed to Flask-HTTPAuth through the get_password callback function. In the get_password function, first determine whether the user name in the request is in the user dictionary. If it exists, the user's password is returned; otherwise, None is returned, indicating that the authentication failed.
Now, Flask-RESTful and Flask-HTTPAuth can be applied to applications to implement authentication and authorization to APIs. Here is an example:
class PrivateResource(Resource): @auth.login_required def get(self): return {"message": "Hello, %s!" % auth.username()}, 200 api.add_resource(PrivateResource, '/private')
In the above code, a protected resource PrivateResource is created, using the login_required decorator in Flask-HTTPAuth for authentication. If the username and password in the request match, calling the get method returns a JSON object containing the username.
After creating the route, you can run the Flask application and authenticate using username and password:
$ curl -u john:hello http://localhost:5000/private {"message": "Hello, john!"} $ curl -u susan:bye http://localhost:5000/private {"message": "Hello, susan!"}
The above is the detailed content of Flask-RESTful and Flask-HTTPAuth: Best practices for user authentication and authorization in Python web applications. For more information, please follow other related articles on the PHP Chinese website!