Security

HTTPBasicAuth

Bases: _AuthBase, HTTPBasicAuth

Flask-HTTPAuth's HTTPBasicAuth with some modifications.

• Add an authentication error handler that returns JSON response.
• Expose the auth.current_user as a property.
• Add a description attribute for OpenAPI Spec.

Examples:

from apiflask import APIFlask, HTTPBasicAuth

app = APIFlask(__name__)
auth = HTTPBasicAuth()

Version changed: 1.3.0

• Add security_scheme_name parameter.

Source code in apiflask/security.py

class HTTPBasicAuth(_AuthBase, BaseHTTPBasicAuth):
    """Flask-HTTPAuth's HTTPBasicAuth with some modifications.

    - Add an authentication error handler that returns JSON response.
    - Expose the `auth.current_user` as a property.
    - Add a `description` attribute for OpenAPI Spec.

    Examples:

    ```python
    from apiflask import APIFlask, HTTPBasicAuth

    app = APIFlask(__name__)
    auth = HTTPBasicAuth()
    ```

    *Version changed: 1.3.0*

    - Add `security_scheme_name` parameter.
    """

    def __init__(
        self,
        scheme: str = 'Basic',
        realm: str | None = None,
        description: str | None = None,
        security_scheme_name: str | None = None,
    ) -> None:
        """Initialize an `HTTPBasicAuth` object.

        Arguments:
            scheme: The authentication scheme used in the `WWW-Authenticate`
                header. Defaults to `'Basic'`.
            realm: The realm used in the `WWW-Authenticate` header to indicate
                a scope of protection, defaults to use `'Authentication Required'`.
            description: The description of the OpenAPI security scheme.
            security_scheme_name: The name of the OpenAPI security scheme, default to `BasicAuth`.
        """
        BaseHTTPBasicAuth.__init__(self, scheme=scheme, realm=realm)
        super().__init__(description=description, security_scheme_name=security_scheme_name)

__init__(scheme='Basic', realm=None, description=None, security_scheme_name=None)

Initialize an HTTPBasicAuth object.

Parameters:

Name	Type	Description	Default
scheme	str	The authentication scheme used in the WWW-Authenticate header. Defaults to 'Basic'.	'Basic'
realm	str | None	The realm used in the WWW-Authenticate header to indicate a scope of protection, defaults to use 'Authentication Required'.	None
description	str | None	The description of the OpenAPI security scheme.	None
security_scheme_name	str | None	The name of the OpenAPI security scheme, default to BasicAuth.	None

Source code in apiflask/security.py

def __init__(
    self,
    scheme: str = 'Basic',
    realm: str | None = None,
    description: str | None = None,
    security_scheme_name: str | None = None,
) -> None:
    """Initialize an `HTTPBasicAuth` object.

    Arguments:
        scheme: The authentication scheme used in the `WWW-Authenticate`
            header. Defaults to `'Basic'`.
        realm: The realm used in the `WWW-Authenticate` header to indicate
            a scope of protection, defaults to use `'Authentication Required'`.
        description: The description of the OpenAPI security scheme.
        security_scheme_name: The name of the OpenAPI security scheme, default to `BasicAuth`.
    """
    BaseHTTPBasicAuth.__init__(self, scheme=scheme, realm=realm)
    super().__init__(description=description, security_scheme_name=security_scheme_name)

HTTPTokenAuth

Bases: _AuthBase, HTTPTokenAuth

Flask-HTTPAuth's HTTPTokenAuth with some modifications.

• Add an authentication error handler that returns JSON response.
• Expose the auth.current_user as a property.
• Add a description attribute for OpenAPI Spec.

Examples:

from apiflask import APIFlask, HTTPTokenAuth

app = APIFlask(__name__)
auth = HTTPTokenAuth()

Source code in apiflask/security.py

class HTTPTokenAuth(_AuthBase, BaseHTTPTokenAuth):
    """Flask-HTTPAuth's HTTPTokenAuth with some modifications.

    - Add an authentication error handler that returns JSON response.
    - Expose the `auth.current_user` as a property.
    - Add a `description` attribute for OpenAPI Spec.

    Examples:

    ```python
    from apiflask import APIFlask, HTTPTokenAuth

    app = APIFlask(__name__)
    auth = HTTPTokenAuth()
    ```
    """

    def __init__(
        self,
        scheme: str = 'Bearer',
        realm: str | None = None,
        header: str | None = None,
        description: str | None = None,
        security_scheme_name: str | None = None,
    ) -> None:
        """Initialize a `HTTPTokenAuth` object.

        Arguments:
            scheme: The authentication scheme used in the `WWW-Authenticate`
                header. One of `'Bearer'` and `'ApiKey'`, defaults to `'Bearer'`.
            realm: The realm used in the `WWW-Authenticate` header to indicate
                 a scope of protection, defaults to use `'Authentication Required'`.
            header: The custom header where to obtain the token (instead
                of from `Authorization` header). If a custom header is used,
                the scheme should not be included. Example:

                ```
                X-API-Key: this-is-my-token
                ```

            description: The description of the OpenAPI security scheme.
            security_scheme_name: The name of the OpenAPI security scheme,
                defaults to `BearerAuth` or `ApiKeyAuth`.

        *Version changed: 1.3.0*

        - Add `security_scheme_name` parameter.
        """
        BaseHTTPTokenAuth.__init__(self, scheme=scheme, realm=realm, header=header)
        super().__init__(description=description, security_scheme_name=security_scheme_name)

__init__(scheme='Bearer', realm=None, header=None, description=None, security_scheme_name=None)

Initialize a HTTPTokenAuth object.

Parameters:

Name	Type	Description	Default
scheme	str	The authentication scheme used in the WWW-Authenticate header. One of 'Bearer' and 'ApiKey', defaults to 'Bearer'.	'Bearer'
realm	str | None	The realm used in the WWW-Authenticate header to indicate a scope of protection, defaults to use 'Authentication Required'.	None
header	str | None	The custom header where to obtain the token (instead of from Authorization header). If a custom header is used, the scheme should not be included. Example: X-API-Key: this-is-my-token	None
description	str | None	The description of the OpenAPI security scheme.	None
security_scheme_name	str | None	The name of the OpenAPI security scheme, defaults to BearerAuth or ApiKeyAuth.	None

Version changed: 1.3.0

• Add security_scheme_name parameter.

Source code in apiflask/security.py

def __init__(
    self,
    scheme: str = 'Bearer',
    realm: str | None = None,
    header: str | None = None,
    description: str | None = None,
    security_scheme_name: str | None = None,
) -> None:
    """Initialize a `HTTPTokenAuth` object.

    Arguments:
        scheme: The authentication scheme used in the `WWW-Authenticate`
            header. One of `'Bearer'` and `'ApiKey'`, defaults to `'Bearer'`.
        realm: The realm used in the `WWW-Authenticate` header to indicate
             a scope of protection, defaults to use `'Authentication Required'`.
        header: The custom header where to obtain the token (instead
            of from `Authorization` header). If a custom header is used,
            the scheme should not be included. Example:

            ```
            X-API-Key: this-is-my-token
            ```

        description: The description of the OpenAPI security scheme.
        security_scheme_name: The name of the OpenAPI security scheme,
            defaults to `BearerAuth` or `ApiKeyAuth`.

    *Version changed: 1.3.0*

    - Add `security_scheme_name` parameter.
    """
    BaseHTTPTokenAuth.__init__(self, scheme=scheme, realm=realm, header=header)
    super().__init__(description=description, security_scheme_name=security_scheme_name)

External documentation

See Flask-HTTPAuth's API docs for the full usage of the following classes:

• HTTPBasicAuth: https://flask-httpauth.readthedocs.io/en/latest/#flask_httpauth.HTTPBasicAuth
• HTTPTokenAuth: https://flask-httpauth.readthedocs.io/en/latest/#flask_httpauth.HTTPTokenAuth