Type of g.flask_httpauth_user

[tabebqena]

After successful authentication, What is the type of g.flask_httpauth_user that is added by the @login_required decorator?

I expect to find user object, But As I can understand from the source code, It is always str or None. In the case of string it will be the username.
If my note is true, It will is better to change this behavior to store user object. If this will break the backword compatibility, I suggest to add optional user loader callback, that will be called after successful login.

The current behavior break the example mentioned :

`@bp.route('/tokens', methods=['POST'])
 @basic_auth.login_required
def get_token():
    token = basic_auth.current_user().get_token()
    db.session.commit()
    return jsonify({'token': token})` 

basic_auth.current_user() return the g.flask_httpauth_user which has no method named get_token()

Thank you.

Version: 4.4.0

[miguelgrinberg]

The g.flask_httpauth_user attribute is not public, you are not supposed to use it directly. The basic_auth.current_user() method returns the user object that you returned in the verify_password callback.

[tabebqena]

Thanks for your response.
But, How g.flask_httpauth_user is not public? we can access it from anyware including templates !

[miguelgrinberg]

@tabebqena You can access a lot of things that you are not supposed to use directly. g.flask_httpauth_user is not documented, so when something is not in the documentation it means that you use it at your own risk. I do not have an obligation to preserve it in future releases.

[tabebqena]

Thanks for clarification.