Welcome to Flask-Security

Flask-Security: add a drop of security to your Flask application.

Flask-Security allows you to quickly add common security mechanisms to your Flask application. They include:

  1. Authentication (via session, Basic HTTP, or token)

  2. User registration (optional)

  3. Role and Permission management

  4. Account activation (via email confirmation) (optional)

  5. Password management (recovery and resetting) (optional)

  6. Two-factor authentication (optional)

  7. WebAuthn Support (optional)

  8. Use ‘social’/Oauth for authentication (e.g. google, github, ..) (optional)

  9. Change email (optional)

  10. Login tracking (optional)

  11. JSON/Ajax Support

Many of these features are made possible by integrating various Flask extensions and libraries. They include:

Additionally, it assumes you’ll be using a common library for your database connections and model definitions. Flask-Security supports the following Flask extensions out of the box for data persistence:

  1. Flask-SQLAlchemy

  2. MongoEngine

  3. Peewee Flask utils

  4. PonyORM - NOTE: not currently working - Help needed!.

  5. SQLAlchemy sessions

Getting Started

Customizing and Usage Patterns

API

Additional Notes