Welcome to Flask-Security

Flask-Security allows you to quickly add common security mechanisms to your Flask application. They include:

1. Session based authentication

2. Role and Permission management

3. Password hashing

4. Basic HTTP authentication

5. Token based authentication

6. Token based account activation (optional)

7. Token based password recovery / resetting (optional)

8. Two-factor authentication (optional)

9. Unified sign in (optional)

10. User registration (optional)

11. Login tracking (optional)

12. JSON/Ajax Support

13. WebAuthn Support (optional)

14. Use ‘social’/Oauth for authentication (e.g. google, github, ..) (optional)

Many of these features are made possible by integrating various Flask extensions and libraries. They include:

• Flask-Login

• Flask-Mailman

• Flask-Principal

• Flask-WTF

• itsdangerous

• passlib

• QRCode

• webauthn

• authlib

Additionally, it assumes you’ll be using a common library for your database connections and model definitions. Flask-Security supports the following Flask extensions out of the box for data persistence:

1. Flask-SQLAlchemy

2. Flask-MongoEngine

3. Peewee Flask utils

4. PonyORM - NOTE: not currently supported.

5. SQLAlchemy sessions

Getting Started

• Installation
• Quick Start
  • Basic SQLAlchemy Application
  • Basic SQLAlchemy Application with session
  • Basic MongoEngine Application
  • Basic Peewee Application
  • Mail Configuration
  • Proxy Configuration
  • Unit Testing Your Application
• Features
  • Session Based Authentication
  • Role/Identity Based Access
  • Password Hashing
  • Password Validation and Complexity
  • Basic HTTP Authentication
  • Token Authentication
  • Two-factor Authentication
  • Unified Sign In
  • WebAuthn
  • Email Confirmation
  • Password Reset/Recovery
  • User Registration
  • Password Change
  • Login Tracking
  • JSON/Ajax Support
  • Command Line Interface
  • Social/Oauth Authentication
• Configuration
  • Core
  • Core - Multi-factor
  • Core - rarely need changing
  • Login/Logout
  • Registerable
  • Confirmable
  • Changeable
  • Recoverable
  • Two-Factor
  • Unified Signin
  • Passwordless
  • Trackable
  • WebAuthn
  • Recovery Codes
  • Social Oauth
  • Feature Flags
  • URLs and Views
  • Template Paths
  • Messages
• Models
  • Additional Functionality

Customizing and Usage Patterns

• Customizing
  • Views
  • Forms
  • Localization
  • Emails
  • Responses
  • Redirects
• WebAuthn
  • Key Concepts
  • Configuration
• Two-factor Configurations
  • Basic SQLAlchemy Two-Factor Application
  • Adding SMS
  • Theory of Operation
  • Validity
• Working with Single Page Applications
  • Configuration
  • Security Considerations
  • Nginx
  • Amazon lambda gateway / Serverless
• Security Patterns
  • Authentication and Authorization
  • Password Validation and Complexity
  • Generic Responses - Avoiding User Enumeration
  • CSRF

API

• API
  • Core
  • Protecting Views
  • User Object Helpers
  • Datastores
  • Utils
  • Extendable Classes
  • Forms
  • Signals

Additional Notes

• Contributing
  • Checklist
  • Getting the code
  • Updating the Swagger API document
  • Updating Translations
  • Testing
• Flask-Security Changelog
  • Version 5.2.0
  • Version 5.1.2
  • Version 5.1.1
  • Version 5.1.0
  • Version 5.0.2
  • Version 5.0.1
  • Version 5.0.0
  • Version 4.1.5
  • Version 4.1.4
  • Version 4.1.3
  • Version 4.1.2
  • Version 4.1.1
  • Version 4.1.0
  • Version 4.0.1
  • Version 4.0.0
  • Version 4.0.0rc2
  • Version 3.4.5
  • Version 3.4.4
  • Version 3.4.3
  • Version 3.4.2
  • Version 3.4.1
  • Version 3.4.0
  • Version 3.3.3
  • Version 3.3.2
  • Version 3.3.1
  • Version 3.3.0
  • Version 3.2.0
  • Version 3.1.0
  • Version 3.0.2
  • Version 3.0.1
  • Version 3.0.0
  • Version 1.7.5
  • Version 1.7.4
  • Version 1.7.3
  • Version 1.7.2
  • Version 1.7.1
  • Version 1.7.0
  • Version 1.6.9
  • Version 1.6.8
  • Version 1.6.7
  • Version 1.6.6
  • Version 1.6.5
  • Version 1.6.4
  • Version 1.6.3
  • Version 1.6.2
  • Version 1.6.1
  • Version 1.6.0
  • Version 1.5.4
  • Version 1.5.3
  • Version 1.5.2
  • Version 1.5.1
  • Version 1.5.0
  • Version 1.2.3
  • Version 1.2.2
  • Version 1.2.1
  • Version 1.2.0
  • Version 1.1.0
• Development Lead
• Maintainer
• Patches and Suggestions