Skip to content

Commit

Permalink
Added support for multiple authentication methods
Browse files Browse the repository at this point in the history
  • Loading branch information
miguelgrinberg committed Mar 13, 2016
1 parent 8b427b9 commit 6c3f94d
Show file tree
Hide file tree
Showing 2 changed files with 34 additions and 2 deletions.
15 changes: 13 additions & 2 deletions docs/index.rst
Original file line number Diff line number Diff line change
Expand Up @@ -61,6 +61,8 @@ For the most degree of flexibility the `get_password` and `hash_password` callba
def verify_pw(username, password):
return call_custom_verify_function(username, password)

In the examples directory you can find an example called `basic_auth.py` that shows how a `verify_password` callback can be used to securely work with hashed passwords.

Digest authentication example
-----------------------------

Expand Down Expand Up @@ -123,8 +125,8 @@ As an alternative to using server-side sessions, an application can implement it

For information of what the ``nonce`` and ``opaque`` values are and how they are used in digest authentication, consult `RFC 2617 <http://tools.ietf.org/html/rfc2617#section-3.2.1>`_.

Custom Authentication Scheme Example
------------------------------------
Token Authentication Scheme Example
-----------------------------------

The following example application uses a custom HTTP authentication scheme to protect route ``'/'`` with a token::

Expand Down Expand Up @@ -160,6 +162,15 @@ The ``HTTPTokenAuth`` is a generic authentication handler that can be used with

The ``verify_token`` callback receives the authentication credentials provided by the client on the ``Authorization`` header. This can be a simple token, or can contain multiple arguments, which the function will have to parse and extract from the string.

In the examples directory you can find a complete example that uses JWT tokens.

Using Multiple Authentication Schemes
-------------------------------------

Applications sometimes need to support a combination of authentication methods. For example, a web application could be authenticating by sending client id and secret over basic authentication, while third party API clients use a JWT bearer token. The `MultiAuth` class allows you to protect a route with more than one authentication object. To grant access to the endpoint, one of the authentication methods must validate.

In the examples directory you can find a complete example that uses basic and token authentication.

Deployment Considerations
-------------------------

Expand Down
21 changes: 21 additions & 0 deletions flask_httpauth.py
Original file line number Diff line number Diff line change
Expand Up @@ -239,3 +239,24 @@ def authenticate(self, auth, stored_password):
if self.verify_token_callback:
return self.verify_token_callback(token)
return False


class MultiAuth(object):
def __init__(self, main_auth, *args):
self.main_auth = main_auth
self.additional_auth = args

def login_required(self, f):
@wraps(f)
def decorated(*args, **kwargs):
selected_auth = None
if 'Authorization' in request.headers:
scheme, creds = request.headers['Authorization'].split(None, 1)
for auth in self.additional_auth:
if auth.scheme == scheme:
selected_auth = auth
break
if selected_auth is None:
selected_auth = self.main_auth
return selected_auth.login_required(f)()
return decorated

0 comments on commit 6c3f94d

Please sign in to comment.