
Authentication plugin for Keg

Keg Auth’s Readme

Flask extension in the Keg ecosystem to wrap authentication and authorization functionality. Keg-Auth provides helpers for auth model, view/authorization setup, protected navigation menus, and more.


  • Bare functionality: pip install keg-auth

  • With mail (i.e. with a mail manager configured, see below): pip install keg-auth[mail]

  • JWT (for using JWT tokens as authenticators): pip install keg-auth[jwt]

  • LDAP (for using LDAP target for authentication): pip install keg-auth[ldap]

  • OAuth (e.g. Google Auth): pip install keg-auth[oauth]

  • Internationalization extensions: pip install keg-auth[i18n]

A Simple Example

For a simple example and a checklist of sorts for app setup, see the Getting Started guide in the docs.


Typical usage is demonstrated in


To run this project’s tests:

  • Copy ->, update as needed

  • Override the database address and/or port with environment variables or a docker compose override if needed.

  • docker-compose up [-d]

  • tox …

There is a test application defined that can be run like:

  • cd keg_auth_ta

  • python …


0.7.3 released 2023-10-17

  • use oauth authenticator class passed to auth manager (b6feae6)

  • trap permissions error emitted by sqlite db on sync (ba0d3b2)

0.7.2 released 2023-05-22

  • handle multiple potential session cookies resulting from werkzeug 2.3 and flask 2.3 changes (8b4680e)

0.7.1 released 2023-05-12

  • allow request loaders to be specified directly to requires decorators (cd42358)

0.7.0 released 2023-03-03

  • support SQLAlchemy 2.0 (88a6173)

  • support keg testing app context changes (d0ec64f)

0.6.2 released 2022-12-20

  • trap the unknown hash error to prevent invalid password data from causing app errors refs #160 (5f2b721)

0.6.1 released 2022-12-15

  • support multiple db sessions when running auth tests (a5cab4a)

  • fixed upgrade notes in documentation (b537bba)

0.6.0 released 2022-12-12

  • update documentation of breaking changes (1ebb337)

  • BC break support keg-elements 0.8.0 (6d4b251)

  • log attempts when form validation fails, and when csrf doesn’t validate (60edacb)

  • resolve field order error when disabled_utc missing from user form fields (0e2ae74)

  • document known data migration issue (23ec6fe)

  • pin python-ldap to version in package index (0b1d2b7)

  • apply workaround to support testing with flask-login 0.6.2 (d1446a9)

  • drop deprecated OIDC code and any remaining python 2 references (10b1144)

0.5.7 released 2022-08-12

  • prevent attempt tests from failing when certain config values are set in app (b2f7e27)

0.5.6 released 2022-08-12

  • skip attempt tests during execution to avoid import order issues (8ea6f57)

0.5.5 released 2022-08-10

  • flash on login for users disabled by date, autoclear disabled date when re-enabling (9330f62)

0.5.4 released 2022-07-08

  • case insensitive match on user id (d01c310)

  • use relative URLs in tests (6d6f959)

0.5.3 released 2022-02-24

  • fix integrated auth tests (4318826)

0.5.2 released 2022-02-24

  • add OAuth authenticator to replace deprecated OIDC implementation (606c952)

  • add basic user/group/bundle CRUD tests to the integrated auth tests (0c84a2d)

  • BC break require rate-limiting setup by default, simplify configuration (7d7b532)

0.5.1 released 2022-02-22

  • warn on usage of OIDC authenticator due to current breakage in flask-oidc (c582781)

  • potential BC break use keg-elements field ordering scheme on the User form (ee31b79)

  • add class and code options to NavItems for better control of rendering (2842cc2)

  • clear flask session on logout, behavior can be turned off via config setting (71e6b10)

  • stop overriding a title block in templates, use config value to set the proper variable for the app template (210f227)

  • load orm entity in CRUD method (89bc7d4)

0.5.0 released 2022-02-21

  • use the Bootstrap 4 base form template from keg-elements (16c393a)

  • shift to authlib for verification token generate/verify - support generated itsdangerous tokens for now refs #147 (e96ac2e)

0.4.2 released 2022-01-20

  • replace commonmark with markdown-it-py (8b4822d)

0.4.1 released 2021-11-29

  • fix navigation use of callable permissions on classes/blueprints (f19f513)

  • user form: don’t assume csrf_token field exists (07fe642)

  • improve testing developer ux (b687c72)

0.4.0 released 2021-09-13

  • ensure grid header posts are supported (e0638dc)

  • shift to use Bootstrap 4 templates by default (39335bc)

  • centralize validation of permission sets in testing (9f04f1d)

  • ViewTestBase no longer deletes users in setup, and provides hooks into user creation (7d72fc3)

  • enhance navigation menu options for login/logout cases (667a1ac)

  • rename package for proper semantics (6a6a202)

0.3.0 released 2021-07-06

  • click changed output for hidden inputs, resolve for set-password CLI (6cd5a09)

  • update python requirements and pip usage (760da0b)

  • add options to exclude specific HTTP methods from auth checks (b66d090)

  • update JWT usage to reflect flask-jwt-extended 4.0 breaking changes (1cd0895)

  • switch ldap requirement to python-ldap (63485f3)

0.2.28 released 2021-04-20

  • support args in http head requests (97f8961)

  • pin flask-jwt-extended < 4 until we support the update

0.2.27 released 2021-02-02

  • fix documentation of internationalization support (8a41f03)

  • make form/crud templates less opinionated about how base templates render page title (0b71303)

0.2.26 released 2021-01-29

  • Provide Sphinx documentation (62aca54)

  • Provide a default JS handler for confirm-delete in crud-list (7b6785a)

  • Use marksafe and jinja templates instead of webhelpers2 (8f68e07)

  • Allow user to prevent sending welcome email after user form (3bb8f7a)

  • Validate that create_form returned a value (83ff034)

  • Trap integrity error on permission sync to mitigate race condition (4d7497c)

  • Move disabled_utc to be with the other fields (dd1bf5e)

0.2.25 released 2020-12-08

  • CRUD view passes through args set with self.assign (efeb7b7)

  • CRUD view edit/delete performs authorization prior to ID lookup (efeb7b7)

  • CRUD view added webgrid render limit handling (efeb7b7)

0.2.24 released 2020-07-09

  • Fix inconsistent CLI argument ordering in tests (d9a62c0)

0.2.23 released 2020-06-11

  • Allow applications to enforce custom password policies (7111c20)

  • Check translations in CI (825d32e)

0.2.22 released 2020-04-16

  • Allow rate-limiting of login and password resets (d243b75)

  • Add more config flexibility for OIDC (39beae0)

0.2.21 released 2020-04-02

  • Resolve fuzzy/missing translations (a78de96)

  • Add inactivation date for users (requires migration to add a field) (0020fbd)

  • Support latest Flask-Login (ba59925)

  • Allow unverified users to reset their passwords (8888386)

  • Pin keg-elements requirement to support CRUD checkboxes (e59fcc1)

  • Include an Allow header for 405 responses (a2a3091)

  • Support multiple LDAP targets (b895aad)

  • Handle HEAD requests (b16a7e4)

  • Remove six dependency (477a415)

0.2.20 released 2020-03-24

  • OIDC and related updates (fab68f5)

  • Add OIDC authenticator and login/logout view responders

  • Fix missing page header for Permissions view

  • Allow passing blueprint kwargs to make_blueprint

  • Easier disabling of specific auth views

  • Allow view responder flash messages to be disabled

  • Drop bulk permission controls (better templating now in keg-elements)

0.2.19 released 2020-02-21

  • Improve Usability of Permission Dropdown (479e985)

  • Pin Flask Login (00ea957)

0.2.18 released 2020-01-10

  • add CLI command for dev to set password (d488bc9)

0.2.17 released 2019-12-12

  • ensure token is present for resending verification email (01b566f)

0.2.16 released 2019-12-02

  • fix CRUD edit form default values for relationships (01893f9)

0.2.15 released 2019-11-27

  • fix bundle grid setup for CRUD view (b772f01)

0.2.14 released 2019-11-21

  • fix template issue related to select2 updates (373739b)

  • make auth testing helpers more generic (b90ee96)

0.2.13 released 2019-11-08

  • use select2 to render selects on the user management views (30ff332)

  • fix breakage with keg 0.8.1 (3f5668d)

  • adjust CI environments to use (b9b4fb4)

  • auth test helpers use endpoints to find correct url (76a1222)

0.2.12 released 2019-10-03

  • support decorating flask class-based views (3d8a6cb)

  • fix LDAP authenticator for missing user case (19d184e)

0.2.11 released 2019-09-27

  • fix permission sync method and test hook (a56eda4)

  • fix FontAwesome usage on CRUD list view template (64f759a)

  • support lazy strings and icons in navigation helpers and templates (4473571)

  • remove flask version pin (ab47362)

0.2.10 released 2019-09-18

  • fix testing utils mock import to prevent needing mock dependency (da197df)

0.2.9 released 2019-07-27

  • Provide a hook on the CRUD base class to allow overriding the default add url generation (#74) (7eea8bb)

0.2.8 released 2019-06-17

  • resolve bug in testing permission existence check (feccb98)

0.2.7 released 2019-06-07

  • make custom action access control easier (63921ee)

  • enforce test permissions are specified to the auth manager (794f320)

  • correct the MRO order in CRUD forms and testing models (2f4c451)

  • add get_current_user helper method (cae02a2)

  • make grid action column link CSS classes customizable (aa1bc21)

  • ensure CRUD view passes in desired template args (aae3dad)

0.2.6 released 2019-02-12

  • Merge pull request #60 from level12/move-sync-perms-to-entity (3181691)

  • update readme to remove reference to view-scoped authenticators (514c202)

0.2.5 released 2018-11-14

  • Allow make_blueprint to accept a custom blueprint class (fe635b2)

  • Add a link to resend verification email (f7a6191)

  • Add optional i18n support using morphi (790d3ab)

  • Fix intermittent test failure resulting from login timestamp (cde083b)

  • Refactor CRUD form/grid render to extract template args (34d4a20)


  • Show verification URL on CLI even if mail flag is off


  • Fix requires_user decorator for usage with blueprints


  • Fix nav items to cache on per user basis

  • Fix token generated in CLI having an unknown timezone applied


  • Support permissions

  • Decorate blueprints, classes, methods for user/permission requirements

  • Support request loaders for tokens


  • Initial release

Download files

Source Distribution

Keg-Auth-0.7.3.tar.gz (121.7 kB)

Built Distribution

Keg_Auth-0.7.3-py2.py3-none-any.whl (118.8 kB)
