I am using Flask-Security to build a web app that has a public REST API. I am trying to figure out how to add user registration and login using REST calls only. It is fairly easy to create a user using user_datastore.create_user
. But how can I then login the user, using a REST call?
If flask_security.utils.login_user
took username+password or a token as an argument, it would be easy, but it takes a user object instead? The documentation shows how to register and login using forms and views, but I need to be able to register and login from an IOS device (using RESTkit).
您将要使用flask_security.decorators.auth_token_required
以及SECURITY_TOKEN_AUTHENTICATION_KEY
或SECURITY_TOKEN_AUTHENTICATION_HEADER
(取决于您是要在URL中还是在标头中传递令牌),或者您可以为您的User
类覆盖flask_security.core.UserMixin.get_auth_token
Flask-Security将做正确的事情。
[Writing an answer since I do not have enough credentials to comment on answer provided by Sean Vieira]
I looked a bit of Flask-Security code - it uses Flask-Login's LoginManager for this. Flask-Login in turn expects the user to define token_loader (as well as implement get_auth_token in User class)
Does Flask-Security provide "default" token_loader functionality ? Otherwise - it is same as Flask-Login
Edit: It turns out Flask-Security works just fine. I do not need to write my own token_loader. I had security code in a separate file, and that is how "magic" broke. I brought back the security code into myapp/ init .py - and documented code "works"
Edit 2: Refering to answer provided by Sean above. I don't think it is one or the other. One must use auth_token_required
decorator. Overriding get_auth_token
in User
class is optional, in case you want different implementation for token generation (I think) Overriding get_auth_token
in User
class is not sufficient.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.