You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The @requires_indieauth decorator does not currently support reading access tokens from session storage. I was wondering if this is something you had considered adding to the Flask-IndieAuth extension at some point.
I am not as aware of the security ramifications of such an implementation. But, I would love to start a discussion around whether Flask-IndieAuth could add a rule that lets one authenticate if session["access_token"] is present. This would let someone view any web resource (i.e. a HTML page or a JSON file) in their browser using the Flask-IndieAuth extension.
The text was updated successfully, but these errors were encountered:
This library is built specifically for use cases like Micropub endpoints that need to check the authentication of a POST where the access token is in an Authorization HTTP header or in the body parameters of that POST. It doesn't have a concept for persistent sessions, which I consider outside the scope of this library.
The @requires_indieauth decorator does not currently support reading access tokens from session storage. I was wondering if this is something you had considered adding to the Flask-IndieAuth extension at some point.
I am not as aware of the security ramifications of such an implementation. But, I would love to start a discussion around whether Flask-IndieAuth could add a rule that lets one authenticate if
session["access_token"]
is present. This would let someone view any web resource (i.e. a HTML page or a JSON file) in their browser using the Flask-IndieAuth extension.The text was updated successfully, but these errors were encountered: