Strong, Simple, and Precise security for Flask APIs
Project description
flask-praetorian
Strong, Simple, and Precise security for Flask APIs
API security should be strong, simple, and precise like a Roman Legionary. This package aims to provide that. Using JWT tokens as implemented by PyJWT, flask_praetorian uses a very simple interface to make sure that the users accessing your API’s endpoints are provisioned with the correct roles for access.
This project was heavily influenced by Flask-Security, but intends to supply only essential functionality. Instead of trying to anticipate the needs of all users, flask-praetorian will provide a simple and secure mechanism to provide security for APIs specifically.
The flask-praetorian package can be used to:
Encrypt (hash) passwords for storing in your database
Verify plaintext passwords against the encrypted, stored versions
Generate authorization tokens upon verification of passwords
Check requests to secured endpoints for authorized tokens
Ensure that the users associated with tokens have necessary roles for access
Parse user information from request headers for use in client route handlers
All of this is provided in a very simple to confiure and initialize flask extension. Though simple, the security provided by flask-praetorian is strong due to the usage of the proven security technology of JWT and python’s PassLib package.
Super-quick Start
requirements: python versions 3.4, 3.5, 3.6, and 3.7
install through pip: $ pip install flask-praetorian
minimal usage example: example/basic.py
Documentation
The complete documentation can be found at the flask-praetorian home page
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
