9

I am building out a feature for users to register, login, authenticate and authorize themselves, specifically using Python (Flask) for the backend. I've found a few solutions such as flask-login and flask-security.

To my understanding, flask-login doesn't actually do any authentication, leaving all the JWT type work to me, whereas flask-security handles these scenarios.

With that being said, I have a few questions:

  1. Seems to me that flask-security is built on top of flask-login. So it seems better (at least to me) to use that library instead of trying to reinvent the wheel in terms of redesigning authentication. The last update to flask-security was on April 23, 2020. This leads me to believe that people are still active in trying to find ways to improve it. That said, is flask-security the better option of the two?

  2. I also want to use this in production. So would this also be a viable solution?

jeff

2 Answers

14

Flask-Security is now deprecated, so I wouldn't recommend using it in production. There is a fork of it called Flask Security Too but it doesn't seem very widely followed.

To be honest even when it was maintained it wasn't my favourite as I think it tried to do too much.

Flask-Login on the other hand is a solid library. It is very "flasky" in the sense that it is low level and deals with the really annoying stuff (creating a session, persisting it with cookies, delivering a current_user, putting certain routes behind a login_required decorator) and then letting you design your own flow and pull in the libraries you want.

For instance if you want social login or OAuth token storage then Flask-Dance, which integrates nicely with Flask-Login and is actively maintained, smashes Flask-Social which integrates with Flask-Security.

There is also Flask-User, which gets good reviews, but the last commit was in 2019, which is a little scary.

Super
0

Flask-Security-Too, while it can be complex if you try to use all of its features, proves to actually be pretty easy to set up production-ready applications. It is actively maintained. I have a few working projects in production using this library (v4.x.x). Not too long ago, there was a v5.x.x release as well. You should definitely check that out.

Hrishikesh