Welcome to Flask-Security

Flask-Security: add a drop of security to your Flask application.

Flask-Security allows you to quickly add common security mechanisms to your Flask application. They include:

  1. Session based authentication

  2. Role and Permission management

  3. Password hashing

  4. Basic HTTP authentication

  5. Token based authentication

  6. Token based account activation (optional)

  7. Token based password recovery / resetting (optional)

  8. Two-factor authentication (optional)

  9. Unified sign in (optional)

  10. User registration (optional)

  11. Login tracking (optional)

  12. JSON/Ajax Support

  13. WebAuthn Support (optional)

  14. Use ‘social’/Oauth for authentication (e.g. google, github, ..) (optional)

Many of these features are made possible by integrating various Flask extensions and libraries. They include:

Additionally, it assumes you’ll be using a common library for your database connections and model definitions. Flask-Security supports the following Flask extensions out of the box for data persistence:

  1. Flask-SQLAlchemy

  2. MongoEngine

  3. Peewee Flask utils

  4. PonyORM - NOTE: not currently working - Help needed!.

  5. SQLAlchemy sessions

Getting Started

Customizing and Usage Patterns


Additional Notes