Security

HTTPBasicAuth (_AuthBase, HTTPBasicAuth)

Flask-HTTPAuth's HTTPBasicAuth with some modifications.

  • Add an authentication error handler that returns a JSON response.
  • Expose the auth.current_user as a property.
  • Add a description attribute for OpenAPI Spec.

Examples:

from apiflask import APIFlask, HTTPBasicAuth

app = APIFlask(__name__)
auth = HTTPBasicAuth()

__init__(self, scheme='Basic', realm=None, description=None)

Initialize an HTTPBasicAuth object.

Parameters:

  • scheme (str, default 'Basic'): The authentication scheme used in the WWW-Authenticate header.
  • realm (Optional[str], default None): The realm used in the WWW-Authenticate header to indicate a scope of protection. Falls back to 'Authentication Required' when not set.
  • description (Optional[str], default None): The description of the security scheme.

Source code in apiflask/security.py
def __init__(
    self,
    scheme: str = 'Basic',
    realm: t.Optional[str] = None,
    description: t.Optional[str] = None
) -> None:
    """Initialize an `HTTPBasicAuth` object.

    Arguments:
        scheme: The authentication scheme used in the `WWW-Authenticate`
            header. Defaults to `'Basic'`.
        realm: The realm used in the `WWW-Authenticate` header to indicate
            a scope of protection, defaults to use `'Authentication Required'`.
        description: The description of the security scheme.
    """
    BaseHTTPBasicAuth.__init__(self, scheme=scheme, realm=realm)
    super().__init__(description=description)

HTTPTokenAuth (_AuthBase, HTTPTokenAuth)

Flask-HTTPAuth's HTTPTokenAuth with some modifications.

  • Add an authentication error handler that returns a JSON response.
  • Expose the auth.current_user as a property.
  • Add a description attribute for OpenAPI Spec.

Examples:

from apiflask import APIFlask, HTTPTokenAuth

app = APIFlask(__name__)
auth = HTTPTokenAuth()

__init__(self, scheme='Bearer', realm=None, header=None, description=None)

Initialize an HTTPTokenAuth object.

Parameters:

  • scheme (str, default 'Bearer'): The authentication scheme used in the WWW-Authenticate header. Either 'Bearer' or 'ApiKey'.
  • realm (Optional[str], default None): The realm used in the WWW-Authenticate header to indicate a scope of protection. Falls back to 'Authentication Required' when not set.
  • header (Optional[str], default None): The custom header from which to obtain the token (instead of the Authorization header). If a custom header is used, the scheme should not be included in its value. Example:

      X-API-Key: this-is-my-token

  • description (Optional[str], default None): The description of the security scheme.

Source code in apiflask/security.py
def __init__(
    self,
    scheme: str = 'Bearer',
    realm: t.Optional[str] = None,
    header: t.Optional[str] = None,
    description: t.Optional[str] = None
) -> None:
    """Initialize a `HTTPTokenAuth` object.

    Arguments:
        scheme: The authentication scheme used in the `WWW-Authenticate`
            header. One of `'Bearer'` and `'ApiKey'`, defaults to `'Bearer'`.
        realm: The realm used in the `WWW-Authenticate` header to indicate
             a scope of protection, defaults to use `'Authentication Required'`.
        header: The custom header where to obtain the token (instead
            of from `Authorization` header). If a custom header is used,
            the scheme should not be included. Example:

            ```
            X-API-Key: this-is-my-token
            ```

        description: The description of the security scheme.
    """
    BaseHTTPTokenAuth.__init__(self, scheme=scheme, realm=realm, header=header)
    super().__init__(description=description)
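
What the scheme, realm and header parameters mean on the wire, shown as an added stdlib-only model that is not APIFlask's or Flask-HTTPAuth's own code. The names extract_token, challenge, authenticate and VALID_TOKEN are hypothetical, and the sample token is constructed.

```python
import hmac

# Constructed sample secret; a real service would look tokens up in a store.
VALID_TOKEN = "this-is-my-token"


def extract_token(headers, scheme="Bearer", header=None):
    """Return the presented token, or None if it is missing or malformed."""
    # HTTP header names are case-insensitive, so normalise the keys first.
    h = {k.lower(): v for k, v in headers.items()}
    if header is not None:
        # Custom header: the whole value is the token, with no scheme prefix.
        return h.get(header.lower(), "").strip() or None
    # Authorization header: the value must read "<scheme> <token>".
    parts = h.get("authorization", "").split(None, 1)
    if len(parts) != 2 or parts[0].lower() != scheme.lower():
        return None
    return parts[1].strip() or None


def challenge(scheme="Bearer", realm=None):
    """Build the WWW-Authenticate value sent with a 401 response."""
    effective_realm = realm or "Authentication Required"
    return f'{scheme} realm="{effective_realm}"'


def authenticate(headers, scheme="Bearer", realm=None, header=None):
    """Return (status, response_headers) for a request's headers."""
    token = extract_token(headers, scheme, header)
    # Constant-time comparison avoids leaking how much of the token matched.
    if token is not None and hmac.compare_digest(
        token.encode(), VALID_TOKEN.encode()
    ):
        return 200, {}
    return 401, {"WWW-Authenticate": challenge(scheme, realm)}


if __name__ == "__main__":
    # Scheme-prefixed token in the Authorization header.
    print(authenticate({"Authorization": "Bearer this-is-my-token"}))
    # Bare token in a custom header.
    print(authenticate({"X-API-Key": "this-is-my-token"},
                       scheme="ApiKey", header="X-API-Key"))
    # Scheme wrongly included in the custom header: rejected with a challenge.
    print(authenticate({"X-API-Key": "Bearer this-is-my-token"},
                       scheme="ApiKey", header="X-API-Key"))
```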