Security¶

`APIKeyCookieAuth` ¶

Bases: _BaseAPIKeyAuth

Flask-HTTPAuth's HTTPTokenAuth with some modifications to implement cookie APIKey authentication.

Add an authentication error handler that returns JSON response.
Expose the auth.current_user as a property.
Add a description attribute for OpenAPI Spec.
Add a name attribute for OpenAPI Spec.
Add a param_name attribute for API Key paramter.
Add the get_security_scheme method for OpenAPI Spec.

Examples:


from apiflask import APIFlask, APIKeyCookieAuth

app = APIFlask(__name__)
auth = APIKeyCookieAuth()

Source code in apiflask/security.py

class APIKeyCookieAuth(_BaseAPIKeyAuth):
    """Flask-HTTPAuth's HTTPTokenAuth with some modifications to implement cookie APIKey authentication.

    - Add an authentication error handler that returns JSON response.
    - Expose the `auth.current_user` as a property.
    - Add a `description` attribute for OpenAPI Spec.
    - Add a `name` attribute for OpenAPI Spec.
    - Add a `param_name` attribute for API Key paramter.
    - Add the `get_security_scheme` method for OpenAPI Spec.

    Examples:

    ```python
    from apiflask import APIFlask, APIKeyCookieAuth

    app = APIFlask(__name__)
    auth = APIKeyCookieAuth()
    ```
    """  # noqa: E501

    def __init__(
        self,
        name: str = 'ApiKeyAuth',
        scheme: str = 'ApiKey',
        realm: str | None = None,
        param_name: str | None = 'X-API-Key',
        description: str | None = None,
        security_scheme_name: str | None = None,
    ) -> None:
        """Initialize a `APIKeyCookieAuth` object.

        Arguments:
            name: The security scheme name, default to `ApiKeyAuth`.
            scheme: The authentication scheme used in the `WWW-Authenticate`
                header. defaults to `'ApiKey'`.
            realm: The realm used in the `WWW-Authenticate` header to indicate
                 a scope of protection, defaults to use `'Authentication Required'`.
            param_name: The name of API Key paramter. defaults to `'ApiKey'`.
            description: The description of the OpenAPI security scheme.
            security_scheme_name: The name of the OpenAPI security scheme,
                defaults to `ApiKeyAuth`.

        *Version added: 3.0.0*
        """
        super().__init__(
            name=name,
            scheme=scheme,
            realm=realm,
            param_name=param_name,
            description=description,
            security_scheme_name=security_scheme_name,
        )
        self._location = 'cookie'

    def is_compatible_auth(self, headers):
        return self.param_name in request.cookies

    def get_auth(self) -> Authorization:
        auth = Authorization('apiKey')
        auth.token = request.cookies.get(self.param_name, '')  # type: ignore
        return auth

`init(name='ApiKeyAuth', scheme='ApiKey', realm=None, param_name='X-API-Key', description=None, security_scheme_name=None)` ¶

Initialize a APIKeyCookieAuth object.

Parameters:

Name	Type	Description	Default
`name`	`str`	The security scheme name, default to `ApiKeyAuth`.	`'ApiKeyAuth'`
`scheme`	`str`	The authentication scheme used in the `WWW-Authenticate` header. defaults to `'ApiKey'`.	`'ApiKey'`
`realm`	`str \| None`	The realm used in the `WWW-Authenticate` header to indicate a scope of protection, defaults to use `'Authentication Required'`.	`None`
`param_name`	`str \| None`	The name of API Key paramter. defaults to `'ApiKey'`.	`'X-API-Key'`
`description`	`str \| None`	The description of the OpenAPI security scheme.	`None`
`security_scheme_name`	`str \| None`	The name of the OpenAPI security scheme, defaults to `ApiKeyAuth`.	`None`

Version added: 3.0.0

Source code in apiflask/security.py

def __init__(
    self,
    name: str = 'ApiKeyAuth',
    scheme: str = 'ApiKey',
    realm: str | None = None,
    param_name: str | None = 'X-API-Key',
    description: str | None = None,
    security_scheme_name: str | None = None,
) -> None:
    """Initialize a `APIKeyCookieAuth` object.

    Arguments:
        name: The security scheme name, default to `ApiKeyAuth`.
        scheme: The authentication scheme used in the `WWW-Authenticate`
            header. defaults to `'ApiKey'`.
        realm: The realm used in the `WWW-Authenticate` header to indicate
             a scope of protection, defaults to use `'Authentication Required'`.
        param_name: The name of API Key paramter. defaults to `'ApiKey'`.
        description: The description of the OpenAPI security scheme.
        security_scheme_name: The name of the OpenAPI security scheme,
            defaults to `ApiKeyAuth`.

    *Version added: 3.0.0*
    """
    super().__init__(
        name=name,
        scheme=scheme,
        realm=realm,
        param_name=param_name,
        description=description,
        security_scheme_name=security_scheme_name,
    )
    self._location = 'cookie'

`APIKeyHeaderAuth` ¶

Bases: _BaseAPIKeyAuth

Flask-HTTPAuth's HTTPTokenAuth with some modifications to implement header APIKey authentication.

Add an authentication error handler that returns JSON response.
Expose the auth.current_user as a property.
Add a description attribute for OpenAPI Spec.
Add a name attribute for OpenAPI Spec.
Add a param_name attribute for API Key paramter.
Add the get_security_scheme method for OpenAPI Spec.

Examples:


from apiflask import APIFlask, APIKeyHeaderAuth

app = APIFlask(__name__)
auth = APIKeyHeaderAuth()

Source code in apiflask/security.py

class APIKeyHeaderAuth(_BaseAPIKeyAuth):
    """Flask-HTTPAuth's HTTPTokenAuth with some modifications to implement header APIKey authentication.

    - Add an authentication error handler that returns JSON response.
    - Expose the `auth.current_user` as a property.
    - Add a `description` attribute for OpenAPI Spec.
    - Add a `name` attribute for OpenAPI Spec.
    - Add a `param_name` attribute for API Key paramter.
    - Add the `get_security_scheme` method for OpenAPI Spec.

    Examples:

    ```python
    from apiflask import APIFlask, APIKeyHeaderAuth

    app = APIFlask(__name__)
    auth = APIKeyHeaderAuth()
    ```
    """  # noqa: E501

    def __init__(
        self,
        name: str = 'ApiKeyAuth',
        scheme: str = 'ApiKey',
        realm: str | None = None,
        param_name: str | None = 'X-API-Key',
        description: str | None = None,
        security_scheme_name: str | None = None,
    ) -> None:
        """Initialize a `APIKeyHeaderAuth` object.

        Arguments:
            name: The security scheme name, default to `ApiKeyAuth`.
            scheme: The authentication scheme used in the `WWW-Authenticate`
                header. defaults to `'ApiKey'`.
            realm: The realm used in the `WWW-Authenticate` header to indicate
                 a scope of protection, defaults to use `'Authentication Required'`.
            param_name: The name of API Key paramter. defaults to `'Authorization'`.
            description: The description of the OpenAPI security scheme.
            security_scheme_name: The name of the OpenAPI security scheme,
                defaults to `ApiKeyAuth`.

        *Version added: 3.0.0*
        """
        super().__init__(
            name=name,
            scheme=scheme,
            realm=realm,
            param_name=param_name,
            description=description,
            security_scheme_name=security_scheme_name,
        )

`init(name='ApiKeyAuth', scheme='ApiKey', realm=None, param_name='X-API-Key', description=None, security_scheme_name=None)` ¶

Initialize a APIKeyHeaderAuth object.

Parameters:

Name	Type	Description	Default
`name`	`str`	The security scheme name, default to `ApiKeyAuth`.	`'ApiKeyAuth'`
`scheme`	`str`	The authentication scheme used in the `WWW-Authenticate` header. defaults to `'ApiKey'`.	`'ApiKey'`
`realm`	`str \| None`	The realm used in the `WWW-Authenticate` header to indicate a scope of protection, defaults to use `'Authentication Required'`.	`None`
`param_name`	`str \| None`	The name of API Key paramter. defaults to `'Authorization'`.	`'X-API-Key'`
`description`	`str \| None`	The description of the OpenAPI security scheme.	`None`
`security_scheme_name`	`str \| None`	The name of the OpenAPI security scheme, defaults to `ApiKeyAuth`.	`None`

Version added: 3.0.0

Source code in apiflask/security.py

def __init__(
    self,
    name: str = 'ApiKeyAuth',
    scheme: str = 'ApiKey',
    realm: str | None = None,
    param_name: str | None = 'X-API-Key',
    description: str | None = None,
    security_scheme_name: str | None = None,
) -> None:
    """Initialize a `APIKeyHeaderAuth` object.

    Arguments:
        name: The security scheme name, default to `ApiKeyAuth`.
        scheme: The authentication scheme used in the `WWW-Authenticate`
            header. defaults to `'ApiKey'`.
        realm: The realm used in the `WWW-Authenticate` header to indicate
             a scope of protection, defaults to use `'Authentication Required'`.
        param_name: The name of API Key paramter. defaults to `'Authorization'`.
        description: The description of the OpenAPI security scheme.
        security_scheme_name: The name of the OpenAPI security scheme,
            defaults to `ApiKeyAuth`.

    *Version added: 3.0.0*
    """
    super().__init__(
        name=name,
        scheme=scheme,
        realm=realm,
        param_name=param_name,
        description=description,
        security_scheme_name=security_scheme_name,
    )

`APIKeyQueryAuth` ¶

Bases: _BaseAPIKeyAuth

Flask-HTTPAuth's HTTPTokenAuth with some modifications to implement query parameter APIKey authentication.

Add an authentication error handler that returns JSON response.
Expose the auth.current_user as a property.
Add a description attribute for OpenAPI Spec.
Add a name attribute for OpenAPI Spec.
Add a param_name attribute for API Key paramter.
Add the get_security_scheme method for OpenAPI Spec.

Examples:


from apiflask import APIFlask, APIKeyQueryAuth

app = APIFlask(__name__)
auth = APIKeyQueryAuth()

Source code in apiflask/security.py

class APIKeyQueryAuth(_BaseAPIKeyAuth):
    """Flask-HTTPAuth's HTTPTokenAuth with some modifications to implement query parameter APIKey authentication.

    - Add an authentication error handler that returns JSON response.
    - Expose the `auth.current_user` as a property.
    - Add a `description` attribute for OpenAPI Spec.
    - Add a `name` attribute for OpenAPI Spec.
    - Add a `param_name` attribute for API Key paramter.
    - Add the `get_security_scheme` method for OpenAPI Spec.

    Examples:

    ```python
    from apiflask import APIFlask, APIKeyQueryAuth

    app = APIFlask(__name__)
    auth = APIKeyQueryAuth()
    ```
    """  # noqa: E501

    def __init__(
        self,
        name: str = 'ApiKeyAuth',
        scheme: str = 'ApiKey',
        realm: str | None = None,
        param_name: str | None = 'X-API-Key',
        description: str | None = None,
        security_scheme_name: str | None = None,
    ) -> None:
        """Initialize a `APIKeyQueryAuth` object.

        Arguments:
            name: The security scheme name, default to `ApiKeyAuth`.
            scheme: The authentication scheme used in the `WWW-Authenticate`
                header. defaults to `'ApiKey'`.
            realm: The realm used in the `WWW-Authenticate` header to indicate
                 a scope of protection, defaults to use `'Authentication Required'`.
            param_name: The name of API Key paramter. defaults to `'ApiKey'`.
            description: The description of the OpenAPI security scheme.
            security_scheme_name: The name of the OpenAPI security scheme,
                defaults to `ApiKeyAuth`.

        *Version added: 3.0.0*
        """
        super().__init__(
            name=name,
            scheme=scheme,
            realm=realm,
            param_name=param_name,
            description=description,
            security_scheme_name=security_scheme_name,
        )
        self._location = 'query'

    def is_compatible_auth(self, headers):
        return self.param_name in request.args

    def get_auth(self) -> Authorization:
        auth = Authorization('apiKey')
        auth.token = request.args.get(self.param_name, '')  # type: ignore
        return auth

`init(name='ApiKeyAuth', scheme='ApiKey', realm=None, param_name='X-API-Key', description=None, security_scheme_name=None)` ¶

Initialize a APIKeyQueryAuth object.

Parameters:

Name	Type	Description	Default
`name`	`str`	The security scheme name, default to `ApiKeyAuth`.	`'ApiKeyAuth'`
`scheme`	`str`	The authentication scheme used in the `WWW-Authenticate` header. defaults to `'ApiKey'`.	`'ApiKey'`
`realm`	`str \| None`	The realm used in the `WWW-Authenticate` header to indicate a scope of protection, defaults to use `'Authentication Required'`.	`None`
`param_name`	`str \| None`	The name of API Key paramter. defaults to `'ApiKey'`.	`'X-API-Key'`
`description`	`str \| None`	The description of the OpenAPI security scheme.	`None`
`security_scheme_name`	`str \| None`	The name of the OpenAPI security scheme, defaults to `ApiKeyAuth`.	`None`

Version added: 3.0.0

Source code in apiflask/security.py

def __init__(
    self,
    name: str = 'ApiKeyAuth',
    scheme: str = 'ApiKey',
    realm: str | None = None,
    param_name: str | None = 'X-API-Key',
    description: str | None = None,
    security_scheme_name: str | None = None,
) -> None:
    """Initialize a `APIKeyQueryAuth` object.

    Arguments:
        name: The security scheme name, default to `ApiKeyAuth`.
        scheme: The authentication scheme used in the `WWW-Authenticate`
            header. defaults to `'ApiKey'`.
        realm: The realm used in the `WWW-Authenticate` header to indicate
             a scope of protection, defaults to use `'Authentication Required'`.
        param_name: The name of API Key paramter. defaults to `'ApiKey'`.
        description: The description of the OpenAPI security scheme.
        security_scheme_name: The name of the OpenAPI security scheme,
            defaults to `ApiKeyAuth`.

    *Version added: 3.0.0*
    """
    super().__init__(
        name=name,
        scheme=scheme,
        realm=realm,
        param_name=param_name,
        description=description,
        security_scheme_name=security_scheme_name,
    )
    self._location = 'query'

`HTTPBasicAuth` ¶

Bases: _AuthBase, HTTPBasicAuth, SecurityScheme

Flask-HTTPAuth's HTTPBasicAuth with some modifications.

Add an authentication error handler that returns JSON response.
Expose the auth.current_user as a property.
Add a description attribute for OpenAPI Spec.
Add a name attribute for OpenAPI Spec.
Add the get_security_scheme method for OpenAPI Spec.

Examples:


from apiflask import APIFlask, HTTPBasicAuth

app = APIFlask(__name__)
auth = HTTPBasicAuth()

Version changed: 3.0.0

Add parameter name.

Version changed: 1.3.0

Add security_scheme_name parameter.

Source code in apiflask/security.py

class HTTPBasicAuth(_AuthBase, BaseHTTPBasicAuth, SecurityScheme):
    """Flask-HTTPAuth's HTTPBasicAuth with some modifications.

    - Add an authentication error handler that returns JSON response.
    - Expose the `auth.current_user` as a property.
    - Add a `description` attribute for OpenAPI Spec.
    - Add a `name` attribute for OpenAPI Spec.
    - Add the `get_security_scheme` method for OpenAPI Spec.

    Examples:

    ```python
    from apiflask import APIFlask, HTTPBasicAuth

    app = APIFlask(__name__)
    auth = HTTPBasicAuth()
    ```

    *Version changed: 3.0.0*

    - Add parameter `name`.

    *Version changed: 1.3.0*

    - Add `security_scheme_name` parameter.
    """

    def __init__(
        self,
        name: str = 'BasicAuth',
        scheme: str = 'Basic',
        realm: str | None = None,
        description: str | None = None,
        security_scheme_name: str | None = None,
    ) -> None:
        """Initialize an `HTTPBasicAuth` object.

        Arguments:
            name: The security scheme name, default to `BasicAuth`.
            scheme: The authentication scheme used in the `WWW-Authenticate`
                header. Defaults to `'Basic'`.
            realm: The realm used in the `WWW-Authenticate` header to indicate
                a scope of protection, defaults to use `'Authentication Required'`.
            description: The description of the OpenAPI security scheme.
            security_scheme_name: The name of the OpenAPI security scheme, default to `BasicAuth`.
        """
        BaseHTTPBasicAuth.__init__(self, scheme=scheme, realm=realm)
        super().__init__(description=description, security_scheme_name=security_scheme_name)
        self.name = security_scheme_name or name

    def get_security_scheme(self) -> dict[str, t.Any]:
        security_scheme = {
            'type': 'http',
            'scheme': 'basic',
        }

        if self.description is not None:
            security_scheme['description'] = self.description

        return security_scheme

`init(name='BasicAuth', scheme='Basic', realm=None, description=None, security_scheme_name=None)` ¶

Initialize an HTTPBasicAuth object.

Parameters:

Name	Type	Description	Default
`name`	`str`	The security scheme name, default to `BasicAuth`.	`'BasicAuth'`
`scheme`	`str`	The authentication scheme used in the `WWW-Authenticate` header. Defaults to `'Basic'`.	`'Basic'`
`realm`	`str \| None`	The realm used in the `WWW-Authenticate` header to indicate a scope of protection, defaults to use `'Authentication Required'`.	`None`
`description`	`str \| None`	The description of the OpenAPI security scheme.	`None`
`security_scheme_name`	`str \| None`	The name of the OpenAPI security scheme, default to `BasicAuth`.	`None`

Source code in apiflask/security.py

def __init__(
    self,
    name: str = 'BasicAuth',
    scheme: str = 'Basic',
    realm: str | None = None,
    description: str | None = None,
    security_scheme_name: str | None = None,
) -> None:
    """Initialize an `HTTPBasicAuth` object.

    Arguments:
        name: The security scheme name, default to `BasicAuth`.
        scheme: The authentication scheme used in the `WWW-Authenticate`
            header. Defaults to `'Basic'`.
        realm: The realm used in the `WWW-Authenticate` header to indicate
            a scope of protection, defaults to use `'Authentication Required'`.
        description: The description of the OpenAPI security scheme.
        security_scheme_name: The name of the OpenAPI security scheme, default to `BasicAuth`.
    """
    BaseHTTPBasicAuth.__init__(self, scheme=scheme, realm=realm)
    super().__init__(description=description, security_scheme_name=security_scheme_name)
    self.name = security_scheme_name or name

`HTTPTokenAuth` ¶

Bases: _AuthBase, HTTPTokenAuth, SecurityScheme

Flask-HTTPAuth's HTTPTokenAuth with some modifications.

Add an authentication error handler that returns JSON response.
Expose the auth.current_user as a property.
Add a description attribute for OpenAPI Spec.
Add a name attribute for OpenAPI Spec.
Add the get_security_scheme method for OpenAPI Spec.

Examples:


from apiflask import APIFlask, HTTPTokenAuth

app = APIFlask(__name__)
auth = HTTPTokenAuth()

Source code in apiflask/security.py

class HTTPTokenAuth(_AuthBase, BaseHTTPTokenAuth, SecurityScheme):
    """Flask-HTTPAuth's HTTPTokenAuth with some modifications.

    - Add an authentication error handler that returns JSON response.
    - Expose the `auth.current_user` as a property.
    - Add a `description` attribute for OpenAPI Spec.
    - Add a `name` attribute for OpenAPI Spec.
    - Add the `get_security_scheme` method for OpenAPI Spec.

    Examples:

    ```python
    from apiflask import APIFlask, HTTPTokenAuth

    app = APIFlask(__name__)
    auth = HTTPTokenAuth()
    ```
    """

    def __init__(
        self,
        scheme: str = 'Bearer',
        name: str = 'BearerAuth',
        realm: str | None = None,
        header: str | None = None,
        description: str | None = None,
        security_scheme_name: str | None = None,
    ) -> None:
        """Initialize a `HTTPTokenAuth` object.

        Arguments:
            scheme: The authentication scheme used in the `WWW-Authenticate`
                header. One of `'Bearer'` and `'ApiKey'`, defaults to `'Bearer'`.
            name: The security scheme name, default to `BearerAuth`.
            realm: The realm used in the `WWW-Authenticate` header to indicate
                 a scope of protection, defaults to use `'Authentication Required'`.
            header: The custom header where to obtain the token (instead
                of from `Authorization` header). If a custom header is used,
                the scheme should not be included. Example:

                ```
                X-API-Key: this-is-my-token
                ```

            description: The description of the OpenAPI security scheme.
            security_scheme_name: The name of the OpenAPI security scheme,
                defaults to `BearerAuth` or `ApiKeyAuth`.

        *Version changed: 3.0.0*

        - Add parameter `name`.

        *Version changed: 1.3.0*

        - Add `security_scheme_name` parameter.
        """
        BaseHTTPTokenAuth.__init__(self, scheme=scheme, realm=realm, header=header)
        super().__init__(description=description, security_scheme_name=security_scheme_name)
        if not self.scheme.lower() == 'bearer' or self.header is not None:
            name = 'ApiKeyAuth'
            warnings.warn(
                'The API key authorization by HTTPTokenAuth is deprecated and will be removed in '
                'APIFlask 4.0.0. Use '
                'APIKeyHeaderAuth, APIKeyCookieAuth, or APIKeyQueryAuth instead.',
                DeprecationWarning,
                stacklevel=2,
            )

        self.name = security_scheme_name or name

    def get_security_scheme(self) -> dict[str, t.Any]:
        if not self.scheme.lower() == 'bearer' or self.header is not None:
            security_scheme = {
                'type': 'apiKey',
                'name': self.header,
                'in': 'header',
            }
        else:
            security_scheme = {
                'type': 'http',
                'scheme': 'bearer',
            }

        if self.description is not None:
            security_scheme['description'] = self.description

        return security_scheme

`init(scheme='Bearer', name='BearerAuth', realm=None, header=None, description=None, security_scheme_name=None)` ¶

Initialize a HTTPTokenAuth object.

Parameters:

Name	Type	Description	Default
`scheme`	`str`	The authentication scheme used in the `WWW-Authenticate` header. One of `'Bearer'` and `'ApiKey'`, defaults to `'Bearer'`.	`'Bearer'`
`name`	`str`	The security scheme name, default to `BearerAuth`.	`'BearerAuth'`
`realm`	`str \| None`	The realm used in the `WWW-Authenticate` header to indicate a scope of protection, defaults to use `'Authentication Required'`.	`None`
`header`	`str \| None`	The custom header where to obtain the token (instead of from `Authorization` header). If a custom header is used, the scheme should not be included. Example: `X-API-Key: this-is-my-token`	`None`
`description`	`str \| None`	The description of the OpenAPI security scheme.	`None`
`security_scheme_name`	`str \| None`	The name of the OpenAPI security scheme, defaults to `BearerAuth` or `ApiKeyAuth`.	`None`

Version changed: 3.0.0

Add parameter name.

Version changed: 1.3.0

Add security_scheme_name parameter.

Source code in apiflask/security.py

def __init__(
    self,
    scheme: str = 'Bearer',
    name: str = 'BearerAuth',
    realm: str | None = None,
    header: str | None = None,
    description: str | None = None,
    security_scheme_name: str | None = None,
) -> None:
    """Initialize a `HTTPTokenAuth` object.

    Arguments:
        scheme: The authentication scheme used in the `WWW-Authenticate`
            header. One of `'Bearer'` and `'ApiKey'`, defaults to `'Bearer'`.
        name: The security scheme name, default to `BearerAuth`.
        realm: The realm used in the `WWW-Authenticate` header to indicate
             a scope of protection, defaults to use `'Authentication Required'`.
        header: The custom header where to obtain the token (instead
            of from `Authorization` header). If a custom header is used,
            the scheme should not be included. Example:

            ```
            X-API-Key: this-is-my-token
            ```

        description: The description of the OpenAPI security scheme.
        security_scheme_name: The name of the OpenAPI security scheme,
            defaults to `BearerAuth` or `ApiKeyAuth`.

    *Version changed: 3.0.0*

    - Add parameter `name`.

    *Version changed: 1.3.0*

    - Add `security_scheme_name` parameter.
    """
    BaseHTTPTokenAuth.__init__(self, scheme=scheme, realm=realm, header=header)
    super().__init__(description=description, security_scheme_name=security_scheme_name)
    if not self.scheme.lower() == 'bearer' or self.header is not None:
        name = 'ApiKeyAuth'
        warnings.warn(
            'The API key authorization by HTTPTokenAuth is deprecated and will be removed in '
            'APIFlask 4.0.0. Use '
            'APIKeyHeaderAuth, APIKeyCookieAuth, or APIKeyQueryAuth instead.',
            DeprecationWarning,
            stacklevel=2,
        )

    self.name = security_scheme_name or name

`MultiAuth` ¶

Bases: MultiAuth

Flask-HTTPAuth's HTTPMultiAuth with some modifications.

Expose the auth.current_user as a property.

Examples:


from apiflask import APIFlask, HTTPBasicAuth, HTTPTokenAuth, MultiAuth

app = APIFlask(__name__)
basic_auth = HTTPBasicAuth()
token_auth = HTTPTokenAuth()
multi_auth = MultiAuth(basic_auth, token_auth)

Version added: 3.0.0

Source code in apiflask/security.py

class MultiAuth(BaseMultiAuth):
    """Flask-HTTPAuth's HTTPMultiAuth with some modifications.

    - Expose the `auth.current_user` as a property.

    Examples:

    ```python
    from apiflask import APIFlask, HTTPBasicAuth, HTTPTokenAuth, MultiAuth

    app = APIFlask(__name__)
    basic_auth = HTTPBasicAuth()
    token_auth = HTTPTokenAuth()
    multi_auth = MultiAuth(basic_auth, token_auth)
    ```

    *Version added: 3.0.0*
    """

    def __init__(self, main_auth: HTTPAuthType, *additional_auth: tuple[HTTPAuthType]):
        """Initialize a `HTTPMultiAuth` object.

        Arguments:
            main_auth: The main authentication object.
            additional_auth: The additional additional objects.
        """
        super().__init__(main_auth, *additional_auth)

    @property
    def current_user(self) -> None | t.Any:
        return g.get('flask_httpauth_user', None)

    @property
    def _auths(self) -> list[HTTPAuthType]:
        return [self.main_auth] + list(self.additional_auth)

`init(main_auth, *additional_auth)` ¶

Initialize a HTTPMultiAuth object.

Parameters:

Name	Type	Description	Default
`main_auth`	`HTTPAuthType`	The main authentication object.	required
`additional_auth`	`tuple[HTTPAuthType]`	The additional additional objects.	`()`

Source code in apiflask/security.py

def __init__(self, main_auth: HTTPAuthType, *additional_auth: tuple[HTTPAuthType]):
    """Initialize a `HTTPMultiAuth` object.

    Arguments:
        main_auth: The main authentication object.
        additional_auth: The additional additional objects.
    """
    super().__init__(main_auth, *additional_auth)

External documentation¶

See Flask-HTTPAuth's API docs for the full usage of the following classes:

HTTPBasicAuth: https://flask-httpauth.readthedocs.io/en/latest/#flask_httpauth.HTTPBasicAuth
HTTPTokenAuth: https://flask-httpauth.readthedocs.io/en/latest/#flask_httpauth.HTTPTokenAuth
HTTPMultiAuth: https://flask-httpauth.readthedocs.io/en/latest/#flask_httpauth.HTTPMultiAuth

Security¶

APIKeyCookieAuth ¶

__init__(name='ApiKeyAuth', scheme='ApiKey', realm=None, param_name='X-API-Key', description=None, security_scheme_name=None) ¶

APIKeyHeaderAuth ¶

__init__(name='ApiKeyAuth', scheme='ApiKey', realm=None, param_name='X-API-Key', description=None, security_scheme_name=None) ¶

APIKeyQueryAuth ¶

__init__(name='ApiKeyAuth', scheme='ApiKey', realm=None, param_name='X-API-Key', description=None, security_scheme_name=None) ¶

HTTPBasicAuth ¶

__init__(name='BasicAuth', scheme='Basic', realm=None, description=None, security_scheme_name=None) ¶

HTTPTokenAuth ¶

__init__(scheme='Bearer', name='BearerAuth', realm=None, header=None, description=None, security_scheme_name=None) ¶

MultiAuth ¶

__init__(main_auth, *additional_auth) ¶

External documentation¶

`APIKeyCookieAuth` ¶

`init(name='ApiKeyAuth', scheme='ApiKey', realm=None, param_name='X-API-Key', description=None, security_scheme_name=None)` ¶

`APIKeyHeaderAuth` ¶

`init(name='ApiKeyAuth', scheme='ApiKey', realm=None, param_name='X-API-Key', description=None, security_scheme_name=None)` ¶

`APIKeyQueryAuth` ¶

`init(name='ApiKeyAuth', scheme='ApiKey', realm=None, param_name='X-API-Key', description=None, security_scheme_name=None)` ¶

`HTTPBasicAuth` ¶

`init(name='BasicAuth', scheme='Basic', realm=None, description=None, security_scheme_name=None)` ¶

`HTTPTokenAuth` ¶

`init(scheme='Bearer', name='BearerAuth', realm=None, header=None, description=None, security_scheme_name=None)` ¶

`MultiAuth` ¶

`init(main_auth, *additional_auth)` ¶