Flask Web Development

9.

User Authentication and Authorization

9.1.

Authentication Concepts

9.1.1.

Authentication vs Authorization

9.1.2.

Authentication Methods

9.1.3.

Session-Based Authentication

9.1.4.

Token-Based Authentication

9.1.5.

Multi-Factor Authentication

9.2.

Password Security

9.2.1.

Password Hashing

9.2.1.1.

9.2.1.2.

Salt Generation

9.2.1.3.

Password Hashing Libraries

9.2.1.3.1.

Werkzeug Security

9.2.1.3.2.

9.2.1.3.3.

9.2.2.

Password Policies

9.2.3.

Password Storage Best Practices

9.2.4.

Password Reset Mechanisms

9.3.

Session Management

9.3.1.

Flask Session Object

9.3.2.

Session Configuration

9.3.3.

Session Security

9.3.3.1.

Session Cookies

9.3.3.2.

Session Hijacking Prevention

9.3.3.3.

Session Fixation Prevention

9.3.4.

Session Storage Options

9.3.5.

Session Lifetime Management

9.4.

Flask-Login Extension

9.4.1.

Installation and Setup

9.4.2.

User Model Requirements

9.4.2.1.

UserMixin Class

9.4.2.2.

Required Methods

9.4.2.2.1.

is_authenticated

9.4.2.2.2.

9.4.2.2.3.

9.4.2.2.4.

9.4.3.

Login Manager Configuration

9.4.4.

User Loader Function

9.4.5.

9.4.5.1.

9.4.5.2.

User Verification

9.4.5.3.

login_user() Function

9.4.6.

9.4.6.1.

logout_user() Function

9.4.6.2.

Session Cleanup

9.4.7.

Route Protection

9.4.7.1.

@login_required Decorator

9.4.7.2.

Anonymous User Handling

9.4.8.

User Registration

9.4.8.1.

Registration Forms

9.4.8.2.

9.4.8.3.

Email Verification

9.4.9.

Remember Me Functionality

9.4.9.1.

Remember Me Tokens

9.4.9.2.

9.4.9.3.

Token Expiration

9.4.10.

Current User Access

9.4.10.1.

current_user Proxy

9.4.10.2.

9.5.

Authorization and Access Control

9.5.1.

Role-Based Access Control (RBAC)

9.5.1.1.

Role Definition

9.5.1.2.

Permission Systems

9.5.1.3.

Role Assignment

9.5.2.

Permission Decorators

9.5.3.

View-Level Authorization

9.5.4.

Template-Level Authorization

9.5.5.

Resource-Based Authorization

9.6.

Advanced Authentication Topics

9.6.1.

OAuth Integration

9.6.2.

9.6.3.

API Authentication

9.6.4.

9.6.5.

Single Sign-On (SSO)

Previous

8. Structuring Larger Applications

Go to top

Next

10. Building RESTful APIs