Implements RFC 7804 Salted Challenge Response (SCRAM) HTTP Authentication Mechanism for the Flask web framework.
See requests-scram for a client-side implementation.
Initialize the extension with the application, or with init_app in an application factory, and then decorate your route with the login_required method:
```python
from flask import Flask
from flask_scram import ScramAuth

USERNAME = 'user'
PASSWORD = 'pass'

app = Flask(__name__)
db = {}


def auth_fn(username):
    # look up the stored authentication info for this user
    return db[username]


scram = ScramAuth(app, auth_fn=auth_fn)
# or, later in your application factory: scram.init_app(app)

# store your authentication key in your "database"
db[USERNAME] = scram.make_auth_info(PASSWORD)


@app.route("/")
@scram.login_required
def index():
    return "OK"
```
You may specify the following configuration variables:
- SCRAM_MECHANISM - supported SCRAM authentication mechanism, e.g. SCRAM-SHA-256
- SCRAM_REALM - the realm parameter to use (defaults to request.host)
You may also use the authenticate method in your code or in a before-request handler.
See scramp for examples of the make_auth_info and make_stored_server_keys functions, which the methods of the same name implement.
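What a stored SCRAM-SHA-256 authentication record contains, and how a server checks a client proof against it, following the key derivation of RFC 5802 that RFC 7804 builds on. This is an added, standard-library-only example, not flask-scram's or scramp's code; the function names, fixed salt and AuthMessage are constructed for illustration, and password normalization (SASLprep) is omitted.

```python
import hashlib
import hmac
import os


def _hmac(key, msg):
    return hmac.new(key, msg, hashlib.sha256).digest()


def _client_key(password, salt, iterations):
    # SaltedPassword := Hi(password, salt, i), i.e. PBKDF2-HMAC-SHA-256
    salted = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return salted, _hmac(salted, b"Client Key")


def derive_auth_info(password, salt=None, iterations=4096):
    """Return (salt, stored_key, server_key, iterations): the server-side record."""
    salt = os.urandom(16) if salt is None else salt
    salted, client_key = _client_key(password, salt, iterations)
    stored_key = hashlib.sha256(client_key).digest()  # StoredKey := H(ClientKey)
    server_key = _hmac(salted, b"Server Key")
    return salt, stored_key, server_key, iterations


def client_proof(password, salt, iterations, auth_message):
    """Client side: ClientProof := ClientKey XOR HMAC(StoredKey, AuthMessage)."""
    _, client_key = _client_key(password, salt, iterations)
    signature = _hmac(hashlib.sha256(client_key).digest(), auth_message)
    return bytes(a ^ b for a, b in zip(client_key, signature))


def verify_proof(stored_key, auth_message, proof):
    """Server side: recover ClientKey from the proof, then compare H(ClientKey)."""
    signature = _hmac(stored_key, auth_message)
    if len(proof) != len(signature):
        return False
    recovered = bytes(a ^ b for a, b in zip(proof, signature))
    return hmac.compare_digest(hashlib.sha256(recovered).digest(), stored_key)


# Constructed sample data: fixed salt and a made-up AuthMessage (both hypothetical).
SALT = bytes(range(16))
AUTH_MESSAGE = (b"n=user,r=cnonce,r=cnoncesnonce,s=AAECAwQFBgcICQoLDA0ODw==,"
                b"i=4096,c=biws,r=cnoncesnonce")
RECORD = derive_auth_info("pass", salt=SALT)

if __name__ == "__main__":
    for pw in ("pass", "wrong"):
        proof = client_proof(pw, SALT, 4096, AUTH_MESSAGE)
        print(pw, verify_proof(RECORD[1], AUTH_MESSAGE, proof))
```

The record never contains the password or ClientKey, and a proof is bound to the nonces inside AuthMessage, so a captured proof does not verify for a different exchange.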
- Implement One Round-Trip Reauthentication
Licensed under the MIT License.