[Flask] transfer login status to another flask application
unai at sysbible.org
Sat Nov 5 20:19:05 EDT 2016
My understanding is that you're trying to implement something similar to
CAS SSO using Flask. Perhaps their documentation could help you?
In fact you might just be able to integrate your Flask apps with CAS
without implementing it yourself...
On Sun, Nov 6, 2016, at 06:23 AM, Patrick Rieser wrote:
> Hey everybody,
> I wonder if there is a way to transfer the login status of a user to
> another flask application. Consider the a typical login process:
> a) User visits login.domain and puts in his credentials
> b) flask application at login.domain takes this credentials and sends
> the user and password to the internal api with the user and
> c) The api hashes the password and compares it to the database and if
> valid an api token that simply consists of the username is
> generated and sent as a response (to increase the security of the
> internal api)
> d) login application verifies the login and a login cookie is
> generated (all with running flask-login) and then stores the token
> in the flask session to easily access the api
> e) login application redicets to another flask application (e.g.
> project_0) and tells this application that the user is already
> logged in and passes the api token (and the login status)
> So a) through d) are perfectly fine, but I don't really have any clue
> how to accomplish e), especially how the other application (project_0)
> can be made aware in a secure way that the user is already logged in,
> i.e. somehow copy the login cookie or generate a new one. Any help,
> clues or pointers are greatly appreciated!
> With kind regards,
> Flask mailing list
> Flask at python.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Flask