Authentication

class microdot.auth.BasicAuth(realm='Please login', charset='UTF-8', scheme='Basic', error_status=401)

Basic Authentication.

Parameters:

  • realm – The realm that is displayed when the user is prompted to authenticate in the browser.

  • charset – The charset that is used to encode the realm.

  • scheme – The authentication scheme. Defaults to ‘Basic’.

  • error_status – The error status code to return when authentication fails. Defaults to 401.

authenticate(f)

Decorator to configure the authentication callback.

This decorator must be used with a function that accepts the request object, a username and a password and returns a user object if the credentials are valid, or None if they are not. Example:

@auth.authenticate
async def check_credentials(request, username, password):
    user = get_user(username)
    if user and user.check_password(password):
        return get_user(username)
__call__(f)

Decorator to protect a route with authentication.

An instance of this class must be used as a decorator on the routes that need to be protected. Example:

auth = BasicAuth()  # or TokenAuth()

@app.route('/protected')
@auth
def protected(request):
    # ...

Routes that are decorated in this way will only be invoked if the authentication callback returned a valid user object, otherwise the error callback will be executed.

optional(f)

Decorator to protect a route with optional authentication.

This decorator makes authentication for the decorated route optional, meaning that the route is allowed to run with or with authentication given in the request.

class microdot.auth.TokenAuth(header='Authorization', scheme='Bearer', error_status=401)

Token based authentication.

Parameters:

  • header – The name of the header that will contain the token. Defaults to ‘Authorization’.

  • scheme – The authentication scheme. Defaults to ‘Bearer’.

  • error_status – The error status code to return when authentication fails. Defaults to 401.

authenticate(f)

Decorator to configure the authentication callback.

This decorator must be used with a function that accepts the request object, a username and a password and returns a user object if the credentials are valid, or None if they are not. Example:

@auth.authenticate
async def check_credentials(request, token):
    return get_user(token)
errorhandler(f)

Decorator to configure the error callback.

Microdot calls the error callback to allow the application to generate a custom error response. The default error response is to call abort(401).

__call__(f)

Decorator to protect a route with authentication.

An instance of this class must be used as a decorator on the routes that need to be protected. Example:

auth = BasicAuth()  # or TokenAuth()

@app.route('/protected')
@auth
def protected(request):
    # ...

Routes that are decorated in this way will only be invoked if the authentication callback returned a valid user object, otherwise the error callback will be executed.

optional(f)

Decorator to protect a route with optional authentication.

This decorator makes authentication for the decorated route optional, meaning that the route is allowed to run with or with authentication given in the request.