A Flask extension that provides PASETO (Platform-Agnostic Security Token).
Project description
Flask PASETO Extended
Flask-PASETO-Extended is a Flask extension to use PASETO (Platform-Agnostic Security Tokens) for several purposes.
For encoding/decoding PASETO, we have adopted PySETO,
which is a PASETO implementation supporting all of PASETO versions (
v4,
v3,
v2 and
v1) and purposes (local
and public
).
Currently, we provide the following classes for using PASETO with Flask.
PasetoCookieSessionInterface
- Flask (
Flask.sessions
) stores session information as a Cookie value. By using this class, you can serialize the session information as an encrypted (and then MACed) PASETO.
- Flask (
PasetoLoginManager
- By using this class together with Flask-Login, you can use PASETO for remember-me tokens which is also encoded into a Cookie value.
PasetoManager
- This class can be used for verifying public (signed) PASETO. It is suitable for using PASETO as API tokens (NOTE: under construction).
Installation
You can install Flask-PASETO-Extended with pip:
$ pip install flask-paseto-extended
Usage
Flask-PASETO-Extended provides three classes for each purpose.
PasetoCookieSessionInterface
Flask (Flask.sessions
) stores session information as a Cookie value. By using this class, you can serialize the session information as an encrypted (and then MACed) PASETO.
This class can be used as follows:
import flask
from flask_paseto_extended import PasetoCookieSessionInterface
app = flask.Flask(__name__)
app.secret_key = "super secret string"
# Use PASETO("v4" by default) for cookie sessions.
app.session_interface = PasetoCookieSessionInterface()
See examples/cookie_session.py for a sample code that actually works.
PasetoLoginManager
By using this class together with Flask-Login, you can use PASETO for remember-me tokens which is also encoded into a Cookie value.
This class can be used as follows:
import flask
import flask_login
from flask_paseto_extended import PasetoLoginManager
app = flask.Flask(__name__)
app.secret_key = "super secret string"
login_manager = PasetoLoginManager(app)
See examples/login_manager.py for a sample code that actually works.
PasetoManager
This class can be used for verifying public (signed) PASETO. It is suitable for using PASETO as API tokens (NOTE: under construction).
T.B.D.
Contributing
We welcome all kind of contributions, filing issues, suggesting new features or sending PRs.
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Hashes for Flask PASETO Extended-0.1.0.tar.gz
Algorithm | Hash digest | |
---|---|---|
SHA256 | 34cbfc4b904d2e40710300defd5934b0d0855c8ac9924d14caf680c7f0dc8078 |
|
MD5 | c6413e78c8aa9fccc5601b50be2195d6 |
|
BLAKE2b-256 | 6bb9175640425d98781fc57787418ac773440d76d19d937e873af2cf5de33acb |
Hashes for Flask_PASETO_Extended-0.1.0-py3-none-any.whl
Algorithm | Hash digest | |
---|---|---|
SHA256 | 05016d580ac8e80e309a62290ea0ae9ff80eea0b767d306a66352bc980b7a8e6 |
|
MD5 | 0d66b181a20ffdb1d74e8bb15c002b9d |
|
BLAKE2b-256 | 1dbb7cbc9121289924ad94cabdbd767e4de63062223f618d5495b5e5773f622e |