Skip to content

Security

HTTPBasicAuth

Bases: _AuthBase, HTTPBasicAuth

Flask-HTTPAuth's HTTPBasicAuth with some modifications.

  • Add an authentication error handler that returns JSON response.
  • Expose the auth.current_user as a property.
  • Add a description attribute for OpenAPI Spec.

Examples:

from apiflask import APIFlask, HTTPBasicAuth

app = APIFlask(__name__)
auth = HTTPBasicAuth()

Version changed: 1.3.0

  • Add security_scheme_name parameter.
Source code in apiflask/security.py
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
class HTTPBasicAuth(_AuthBase, BaseHTTPBasicAuth):
    """Flask-HTTPAuth's HTTPBasicAuth with some modifications.

    - Add an authentication error handler that returns JSON response.
    - Expose the `auth.current_user` as a property.
    - Add a `description` attribute for OpenAPI Spec.

    Examples:

    ```python
    from apiflask import APIFlask, HTTPBasicAuth

    app = APIFlask(__name__)
    auth = HTTPBasicAuth()
    ```

    *Version changed: 1.3.0*

    - Add `security_scheme_name` parameter.
    """

    def __init__(
        self,
        scheme: str = 'Basic',
        realm: str | None = None,
        description: str | None = None,
        security_scheme_name: str | None = None,
    ) -> None:
        """Initialize an `HTTPBasicAuth` object.

        Arguments:
            scheme: The authentication scheme used in the `WWW-Authenticate`
                header. Defaults to `'Basic'`.
            realm: The realm used in the `WWW-Authenticate` header to indicate
                a scope of protection, defaults to use `'Authentication Required'`.
            description: The description of the OpenAPI security scheme.
            security_scheme_name: The name of the OpenAPI security scheme, default to `BasicAuth`.
        """
        BaseHTTPBasicAuth.__init__(self, scheme=scheme, realm=realm)
        super().__init__(description=description, security_scheme_name=security_scheme_name)

__init__(scheme='Basic', realm=None, description=None, security_scheme_name=None)

Initialize an HTTPBasicAuth object.

Parameters:

Name Type Description Default
scheme str

The authentication scheme used in the WWW-Authenticate header. Defaults to 'Basic'.

'Basic'
realm str | None

The realm used in the WWW-Authenticate header to indicate a scope of protection, defaults to use 'Authentication Required'.

None
description str | None

The description of the OpenAPI security scheme.

None
security_scheme_name str | None

The name of the OpenAPI security scheme, default to BasicAuth.

None
Source code in apiflask/security.py
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
def __init__(
    self,
    scheme: str = 'Basic',
    realm: str | None = None,
    description: str | None = None,
    security_scheme_name: str | None = None,
) -> None:
    """Initialize an `HTTPBasicAuth` object.

    Arguments:
        scheme: The authentication scheme used in the `WWW-Authenticate`
            header. Defaults to `'Basic'`.
        realm: The realm used in the `WWW-Authenticate` header to indicate
            a scope of protection, defaults to use `'Authentication Required'`.
        description: The description of the OpenAPI security scheme.
        security_scheme_name: The name of the OpenAPI security scheme, default to `BasicAuth`.
    """
    BaseHTTPBasicAuth.__init__(self, scheme=scheme, realm=realm)
    super().__init__(description=description, security_scheme_name=security_scheme_name)

HTTPTokenAuth

Bases: _AuthBase, HTTPTokenAuth

Flask-HTTPAuth's HTTPTokenAuth with some modifications.

  • Add an authentication error handler that returns JSON response.
  • Expose the auth.current_user as a property.
  • Add a description attribute for OpenAPI Spec.

Examples:

from apiflask import APIFlask, HTTPTokenAuth

app = APIFlask(__name__)
auth = HTTPTokenAuth()
Source code in apiflask/security.py
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
class HTTPTokenAuth(_AuthBase, BaseHTTPTokenAuth):
    """Flask-HTTPAuth's HTTPTokenAuth with some modifications.

    - Add an authentication error handler that returns JSON response.
    - Expose the `auth.current_user` as a property.
    - Add a `description` attribute for OpenAPI Spec.

    Examples:

    ```python
    from apiflask import APIFlask, HTTPTokenAuth

    app = APIFlask(__name__)
    auth = HTTPTokenAuth()
    ```
    """

    def __init__(
        self,
        scheme: str = 'Bearer',
        realm: str | None = None,
        header: str | None = None,
        description: str | None = None,
        security_scheme_name: str | None = None,
    ) -> None:
        """Initialize a `HTTPTokenAuth` object.

        Arguments:
            scheme: The authentication scheme used in the `WWW-Authenticate`
                header. One of `'Bearer'` and `'ApiKey'`, defaults to `'Bearer'`.
            realm: The realm used in the `WWW-Authenticate` header to indicate
                 a scope of protection, defaults to use `'Authentication Required'`.
            header: The custom header where to obtain the token (instead
                of from `Authorization` header). If a custom header is used,
                the scheme should not be included. Example:

                ```
                X-API-Key: this-is-my-token
                ```

            description: The description of the OpenAPI security scheme.
            security_scheme_name: The name of the OpenAPI security scheme,
                defaults to `BearerAuth` or `ApiKeyAuth`.

        *Version changed: 1.3.0*

        - Add `security_scheme_name` parameter.
        """
        BaseHTTPTokenAuth.__init__(self, scheme=scheme, realm=realm, header=header)
        super().__init__(description=description, security_scheme_name=security_scheme_name)

__init__(scheme='Bearer', realm=None, header=None, description=None, security_scheme_name=None)

Initialize a HTTPTokenAuth object.

Parameters:

Name Type Description Default
scheme str

The authentication scheme used in the WWW-Authenticate header. One of 'Bearer' and 'ApiKey', defaults to 'Bearer'.

'Bearer'
realm str | None

The realm used in the WWW-Authenticate header to indicate a scope of protection, defaults to use 'Authentication Required'.

None
header str | None

The custom header where to obtain the token (instead of from Authorization header). If a custom header is used, the scheme should not be included. Example:

X-API-Key: this-is-my-token
None
description str | None

The description of the OpenAPI security scheme.

None
security_scheme_name str | None

The name of the OpenAPI security scheme, defaults to BearerAuth or ApiKeyAuth.

None

Version changed: 1.3.0

  • Add security_scheme_name parameter.
Source code in apiflask/security.py
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
def __init__(
    self,
    scheme: str = 'Bearer',
    realm: str | None = None,
    header: str | None = None,
    description: str | None = None,
    security_scheme_name: str | None = None,
) -> None:
    """Initialize a `HTTPTokenAuth` object.

    Arguments:
        scheme: The authentication scheme used in the `WWW-Authenticate`
            header. One of `'Bearer'` and `'ApiKey'`, defaults to `'Bearer'`.
        realm: The realm used in the `WWW-Authenticate` header to indicate
             a scope of protection, defaults to use `'Authentication Required'`.
        header: The custom header where to obtain the token (instead
            of from `Authorization` header). If a custom header is used,
            the scheme should not be included. Example:

            ```
            X-API-Key: this-is-my-token
            ```

        description: The description of the OpenAPI security scheme.
        security_scheme_name: The name of the OpenAPI security scheme,
            defaults to `BearerAuth` or `ApiKeyAuth`.

    *Version changed: 1.3.0*

    - Add `security_scheme_name` parameter.
    """
    BaseHTTPTokenAuth.__init__(self, scheme=scheme, realm=realm, header=header)
    super().__init__(description=description, security_scheme_name=security_scheme_name)

External documentation

See Flask-HTTPAuth's API docs for the full usage of the following classes: