I'm trying to build a token-based backend (API) for an app using Flask, in which I'm trying to use Flask_Security. Since I'm using the Peewee ORM, I've followed this guide to build the basic setup, and I now have to build the views which should log in the user and then a view which actually serves some useful data.
So my login view which returns the token looks like this:
    @app.route('/api/login', methods=['POST'])
    def api_login():
        requestJson = request.get_json(force=True)
        user = User.select().where(User.username == requestJson['username']).where(User.password == requestJson['password']).first()
        if user:
            return jsonify({'token': user.get_auth_token()})
        else:
            return jsonify({'error': 'LoginError'})
This works fine; I get a token as a response. I now want to protect another view using auth_token_required and I want to use the token as a header. So I try this as follows:
    @app.route('/api/really-important-info')
    @auth_token_required('SECURITY_TOKEN_AUTHENTICATION_HEADER')
    def api_important_info():
        return jsonify({'info': 'really important'})
But starting Flask results in an AttributeError: 'str' object has no attribute '__module__'. The documentation isn't very helpful on its usage either.
Does anybody know how I can get this to work? Any tips are welcome!
The error is because the decorator does not expect any arguments (besides the function it is decorating).
    @auth_token_required
    def api_important_info():
        pass
The configuration values SECURITY_TOKEN_AUTHENTICATION_KEY or SECURITY_TOKEN_AUTHENTICATION_HEADER represent the location in the query params or headers, respectively, of an incoming request.
Flask-Security automatically sends this token to the client for future use when a JSON request is made to the login route.
You may be confused by the multiple authentication methods that Flask-Security provides. Auth tokens are useful for APIs where you don't have a session cookie managed by the browser. The "normal" session-based authentication is handled with login_required.
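The pattern the answer describes (a bare decorator, with the token location taken from configuration rather than from a decorator argument) can be modelled without Flask. This is an added example, not part of the original answer and not Flask-Security's code: token_required, Request, CONFIG, VALID_TOKENS and the token value are stand-ins constructed for illustration, and only the two config values follow Flask-Security's documented defaults.

```python
import functools
import hmac

# Constructed config; the two values are Flask-Security's documented defaults.
CONFIG = {
    "SECURITY_TOKEN_AUTHENTICATION_HEADER": "Authentication-Token",
    "SECURITY_TOKEN_AUTHENTICATION_KEY": "auth_token",
}
VALID_TOKENS = {"constructed-token-123": "alice"}  # constructed sample data

class Request:
    """Hypothetical stand-in for an incoming request (headers + query params)."""
    def __init__(self, headers=None, args=None):
        self.headers = headers or {}
        self.args = args or {}

def extract_token(request):
    """Read the token from the configured header or query parameter."""
    header = CONFIG["SECURITY_TOKEN_AUTHENTICATION_HEADER"]
    key = CONFIG["SECURITY_TOKEN_AUTHENTICATION_KEY"]
    # Lookup order here is a choice of this stand-in, not a claim about the library.
    return request.headers.get(header) or request.args.get(key)

def lookup_user(token):
    """Map a token to a user, comparing in constant time."""
    for known, user in VALID_TOKENS.items():
        if token and hmac.compare_digest(known.encode(), token.encode()):
            return user
    return None

def token_required(fn):
    """Bare decorator: its only argument is the view function itself."""
    if not callable(fn):
        # Passing a config name lands here instead of failing obscurely later.
        raise TypeError("use @token_required without arguments; "
                        "the token location comes from CONFIG")
    @functools.wraps(fn)
    def wrapper(request, *args, **kwargs):
        if lookup_user(extract_token(request)) is None:
            return 401, {"error": "unauthorized"}
        return fn(request, *args, **kwargs)
    return wrapper

@token_required
def important_info(request):
    return 200, {"info": "really important"}
```

With a real Flask-Security app, the client side is the same idea: send the token returned by the login route in the header named by SECURITY_TOKEN_AUTHENTICATION_HEADER on each request to a protected view.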