Security¶
HTTPBasicAuth (_AuthBase, HTTPBasicAuth)
¶
Flask-HTTPAuth's HTTPBasicAuth with some modifications.
- Add an authentication error handler that returns JSON response.
- Expose the
auth.current_useras a property. - Add a
descriptionattribute for OpenAPI Spec.
Examples:
from apiflask import APIFlask, HTTPBasicAuth
app = APIFlask(__name__)
auth = HTTPBasicAuth()
Source code in apiflask/security.py
class HTTPBasicAuth(_AuthBase, BaseHTTPBasicAuth):
"""Flask-HTTPAuth's HTTPBasicAuth with some modifications.
- Add an authentication error handler that returns JSON response.
- Expose the `auth.current_user` as a property.
- Add a `description` attribute for OpenAPI Spec.
Examples:
```python
from apiflask import APIFlask, HTTPBasicAuth
app = APIFlask(__name__)
auth = HTTPBasicAuth()
```
"""
def __init__(
self,
scheme: str = 'Basic',
realm: t.Optional[str] = None,
description: t.Optional[str] = None
) -> None:
"""Initialize an `HTTPBasicAuth` object.
Arguments:
scheme: The authentication scheme used in the `WWW-Authenticate`
header. Defaults to `'Basic'`.
realm: The realm used in the `WWW-Authenticate` header to indicate
a scope of protection, defaults to use `'Authentication Required'`.
description: The description of the security scheme.
"""
BaseHTTPBasicAuth.__init__(self, scheme=scheme, realm=realm)
super().__init__(description=description)
__init__(self, scheme='Basic', realm=None, description=None)
special
¶
Initialize an HTTPBasicAuth object.
Parameters:
| Name | Type | Description | Default |
|---|---|---|---|
scheme |
str |
The authentication scheme used in the |
'Basic' |
realm |
Optional[str] |
The realm used in the |
None |
description |
Optional[str] |
The description of the security scheme. |
None |
Source code in apiflask/security.py
def __init__(
self,
scheme: str = 'Basic',
realm: t.Optional[str] = None,
description: t.Optional[str] = None
) -> None:
"""Initialize an `HTTPBasicAuth` object.
Arguments:
scheme: The authentication scheme used in the `WWW-Authenticate`
header. Defaults to `'Basic'`.
realm: The realm used in the `WWW-Authenticate` header to indicate
a scope of protection, defaults to use `'Authentication Required'`.
description: The description of the security scheme.
"""
BaseHTTPBasicAuth.__init__(self, scheme=scheme, realm=realm)
super().__init__(description=description)
HTTPTokenAuth (_AuthBase, HTTPTokenAuth)
¶
Flask-HTTPAuth's HTTPTokenAuth with some modifications.
- Add an authentication error handler that returns JSON response.
- Expose the
auth.current_useras a property. - Add a
descriptionattribute for OpenAPI Spec.
Examples:
from apiflask import APIFlask, HTTPTokenAuth
app = APIFlask(__name__)
auth = HTTPTokenAuth()
Source code in apiflask/security.py
class HTTPTokenAuth(_AuthBase, BaseHTTPTokenAuth):
"""Flask-HTTPAuth's HTTPTokenAuth with some modifications.
- Add an authentication error handler that returns JSON response.
- Expose the `auth.current_user` as a property.
- Add a `description` attribute for OpenAPI Spec.
Examples:
```python
from apiflask import APIFlask, HTTPTokenAuth
app = APIFlask(__name__)
auth = HTTPTokenAuth()
```
"""
def __init__(
self,
scheme: str = 'Bearer',
realm: t.Optional[str] = None,
header: t.Optional[str] = None,
description: t.Optional[str] = None
) -> None:
"""Initialize a `HTTPTokenAuth` object.
Arguments:
scheme: The authentication scheme used in the `WWW-Authenticate`
header. One of `'Bearer'` and `'ApiKey'`, defaults to `'Bearer'`.
realm: The realm used in the `WWW-Authenticate` header to indicate
a scope of protection, defaults to use `'Authentication Required'`.
header: The custom header where to obtain the token (instead
of from `Authorization` header). If a custom header is used,
the scheme should not be included. Example:
```
X-API-Key: this-is-my-token
```
description: The description of the security scheme.
"""
BaseHTTPTokenAuth.__init__(self, scheme=scheme, realm=realm, header=header)
super().__init__(description=description)
__init__(self, scheme='Bearer', realm=None, header=None, description=None)
special
¶
Initialize a HTTPTokenAuth object.
Parameters:
| Name | Type | Description | Default |
|---|---|---|---|
scheme |
str |
The authentication scheme used in the |
'Bearer' |
realm |
Optional[str] |
The realm used in the |
None |
header |
Optional[str] |
The custom header where to obtain the token (instead
of from |
None |
description |
Optional[str] |
The description of the security scheme. |
None |
Source code in apiflask/security.py
def __init__(
self,
scheme: str = 'Bearer',
realm: t.Optional[str] = None,
header: t.Optional[str] = None,
description: t.Optional[str] = None
) -> None:
"""Initialize a `HTTPTokenAuth` object.
Arguments:
scheme: The authentication scheme used in the `WWW-Authenticate`
header. One of `'Bearer'` and `'ApiKey'`, defaults to `'Bearer'`.
realm: The realm used in the `WWW-Authenticate` header to indicate
a scope of protection, defaults to use `'Authentication Required'`.
header: The custom header where to obtain the token (instead
of from `Authorization` header). If a custom header is used,
the scheme should not be included. Example:
```
X-API-Key: this-is-my-token
```
description: The description of the security scheme.
"""
BaseHTTPTokenAuth.__init__(self, scheme=scheme, realm=realm, header=header)
super().__init__(description=description)
External documentation¶
See Flask-HTTPAuth's API docs for the full usage of the following classes: