Skip to content

Security

HTTPBasicAuth (_AuthBase, HTTPBasicAuth)

Flask-HTTPAuth's HTTPBasicAuth with some modifications.

  • Add an authentication error handler that returns JSON response.
  • Expose the auth.current_user as a property.
  • Add a description attribute for OpenAPI Spec.

Examples:

from apiflask import APIFlask, HTTPBasicAuth

app = APIFlask(__name__)
auth = HTTPBasicAuth()

Version changed: 1.3.0

  • Add security_scheme_name parameter.
Source code in apiflask/security.py
class HTTPBasicAuth(_AuthBase, BaseHTTPBasicAuth):
    """Flask-HTTPAuth's HTTPBasicAuth with some modifications.

    - Add an authentication error handler that returns JSON response.
    - Expose the `auth.current_user` as a property.
    - Add a `description` attribute for OpenAPI Spec.

    Examples:

    ```python
    from apiflask import APIFlask, HTTPBasicAuth

    app = APIFlask(__name__)
    auth = HTTPBasicAuth()
    ```

    *Version changed: 1.3.0*

    - Add `security_scheme_name` parameter.
    """

    def __init__(
        self,
        scheme: str = 'Basic',
        realm: t.Optional[str] = None,
        description: t.Optional[str] = None,
        security_scheme_name: t.Optional[str] = None,
    ) -> None:
        """Initialize an `HTTPBasicAuth` object.

        Arguments:
            scheme: The authentication scheme used in the `WWW-Authenticate`
                header. Defaults to `'Basic'`.
            realm: The realm used in the `WWW-Authenticate` header to indicate
                a scope of protection, defaults to use `'Authentication Required'`.
            description: The description of the OpenAPI security scheme.
            security_scheme_name: The name of the OpenAPI security scheme, default to `BasicAuth`.
        """
        BaseHTTPBasicAuth.__init__(self, scheme=scheme, realm=realm)
        super().__init__(description=description, security_scheme_name=security_scheme_name)

__init__(self, scheme='Basic', realm=None, description=None, security_scheme_name=None) special

Initialize an HTTPBasicAuth object.

Parameters:

Name Type Description Default
scheme str

The authentication scheme used in the WWW-Authenticate header. Defaults to 'Basic'.

'Basic'
realm Optional[str]

The realm used in the WWW-Authenticate header to indicate a scope of protection, defaults to use 'Authentication Required'.

None
description Optional[str]

The description of the OpenAPI security scheme.

None
security_scheme_name Optional[str]

The name of the OpenAPI security scheme, default to BasicAuth.

None
Source code in apiflask/security.py
def __init__(
    self,
    scheme: str = 'Basic',
    realm: t.Optional[str] = None,
    description: t.Optional[str] = None,
    security_scheme_name: t.Optional[str] = None,
) -> None:
    """Initialize an `HTTPBasicAuth` object.

    Arguments:
        scheme: The authentication scheme used in the `WWW-Authenticate`
            header. Defaults to `'Basic'`.
        realm: The realm used in the `WWW-Authenticate` header to indicate
            a scope of protection, defaults to use `'Authentication Required'`.
        description: The description of the OpenAPI security scheme.
        security_scheme_name: The name of the OpenAPI security scheme, default to `BasicAuth`.
    """
    BaseHTTPBasicAuth.__init__(self, scheme=scheme, realm=realm)
    super().__init__(description=description, security_scheme_name=security_scheme_name)

HTTPTokenAuth (_AuthBase, HTTPTokenAuth)

Flask-HTTPAuth's HTTPTokenAuth with some modifications.

  • Add an authentication error handler that returns JSON response.
  • Expose the auth.current_user as a property.
  • Add a description attribute for OpenAPI Spec.

Examples:

from apiflask import APIFlask, HTTPTokenAuth

app = APIFlask(__name__)
auth = HTTPTokenAuth()
Source code in apiflask/security.py
class HTTPTokenAuth(_AuthBase, BaseHTTPTokenAuth):
    """Flask-HTTPAuth's HTTPTokenAuth with some modifications.

    - Add an authentication error handler that returns JSON response.
    - Expose the `auth.current_user` as a property.
    - Add a `description` attribute for OpenAPI Spec.

    Examples:

    ```python
    from apiflask import APIFlask, HTTPTokenAuth

    app = APIFlask(__name__)
    auth = HTTPTokenAuth()
    ```
    """

    def __init__(
        self,
        scheme: str = 'Bearer',
        realm: t.Optional[str] = None,
        header: t.Optional[str] = None,
        description: t.Optional[str] = None,
        security_scheme_name: t.Optional[str] = None,
    ) -> None:
        """Initialize a `HTTPTokenAuth` object.

        Arguments:
            scheme: The authentication scheme used in the `WWW-Authenticate`
                header. One of `'Bearer'` and `'ApiKey'`, defaults to `'Bearer'`.
            realm: The realm used in the `WWW-Authenticate` header to indicate
                 a scope of protection, defaults to use `'Authentication Required'`.
            header: The custom header where to obtain the token (instead
                of from `Authorization` header). If a custom header is used,
                the scheme should not be included. Example:

                ```
                X-API-Key: this-is-my-token
                ```

            description: The description of the OpenAPI security scheme.
            security_scheme_name: The name of the OpenAPI security scheme,
                defaults to `BearerAuth` or `ApiKeyAuth`.

        *Version changed: 1.3.0*

        - Add `security_scheme_name` parameter.
        """
        BaseHTTPTokenAuth.__init__(self, scheme=scheme, realm=realm, header=header)
        super().__init__(description=description, security_scheme_name=security_scheme_name)

__init__(self, scheme='Bearer', realm=None, header=None, description=None, security_scheme_name=None) special

Initialize a HTTPTokenAuth object.

Parameters:

Name Type Description Default
scheme str

The authentication scheme used in the WWW-Authenticate header. One of 'Bearer' and 'ApiKey', defaults to 'Bearer'.

'Bearer'
realm Optional[str]

The realm used in the WWW-Authenticate header to indicate a scope of protection, defaults to use 'Authentication Required'.

None
header Optional[str]

The custom header where to obtain the token (instead of from Authorization header). If a custom header is used, the scheme should not be included. Example:

X-API-Key: this-is-my-token
None
description Optional[str]

The description of the OpenAPI security scheme.

None
security_scheme_name Optional[str]

The name of the OpenAPI security scheme, defaults to BearerAuth or ApiKeyAuth.

None

Version changed: 1.3.0

  • Add security_scheme_name parameter.
Source code in apiflask/security.py
def __init__(
    self,
    scheme: str = 'Bearer',
    realm: t.Optional[str] = None,
    header: t.Optional[str] = None,
    description: t.Optional[str] = None,
    security_scheme_name: t.Optional[str] = None,
) -> None:
    """Initialize a `HTTPTokenAuth` object.

    Arguments:
        scheme: The authentication scheme used in the `WWW-Authenticate`
            header. One of `'Bearer'` and `'ApiKey'`, defaults to `'Bearer'`.
        realm: The realm used in the `WWW-Authenticate` header to indicate
             a scope of protection, defaults to use `'Authentication Required'`.
        header: The custom header where to obtain the token (instead
            of from `Authorization` header). If a custom header is used,
            the scheme should not be included. Example:

            ```
            X-API-Key: this-is-my-token
            ```

        description: The description of the OpenAPI security scheme.
        security_scheme_name: The name of the OpenAPI security scheme,
            defaults to `BearerAuth` or `ApiKeyAuth`.

    *Version changed: 1.3.0*

    - Add `security_scheme_name` parameter.
    """
    BaseHTTPTokenAuth.__init__(self, scheme=scheme, realm=realm, header=header)
    super().__init__(description=description, security_scheme_name=security_scheme_name)

External documentation

See Flask-HTTPAuth's API docs for the full usage of the following classes: