Use flask-login unauthorized callback #101

Merged
merged 0 commits into from May 6, 2014

Conversation

Projects
None yet
4 participants

klinkin commented Mar 22, 2013

In auth_token_required and auth_required decorators better use unauthorized() callback from core flask-login. This solution is more flexible.

http://pythonhosted.org/Flask-Login/#configuring-login

Owner

mattupstate commented Mar 25, 2013

I'm not so sure this is the best approach yet. There are usually different requirements for authentication based on a token vs other methods. For instance, auth tokens are generally used for API access and it doesn't necessarily make the most sense to assume the same flow for tokens as with sessions. I'm currently trying to think of how best to be more flexible with unauthorized access flows.

klinkin commented Mar 26, 2013

In my project in the case of unauthorized access i need to return json response.
How to do this in current version of extension?

Ok - I've successfully authenticated my rest service method against token (@auth_token_required) but now how to access data from token like user_id so I can use it in protected (accessed method) ?

I've tired in documentation but without success. Goggle didn't help too.

Contributor

srijan commented Oct 28, 2013

@mattupstate Any updates on this?

I am facing the same issue (I cannot change the unauthorized message).

Maybe you could create another callback for auth token unauthorized errors, if you don't want to use the same callback as used by login_required.

But at the very least, in _get_unauthorized_response do an abort(401) instead of returning a Response object, because a handler can be defined for that.

Edit:
Currently, I am defining my own auth_token_required decorator, but it would be nice if a solution for this could be found.

@mattupstate mattupstate merged commit bc60c02 into mattupstate:develop May 6, 2014

1 check passed

default The Travis CI build passed
Details
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment