Providers

Flask-Dance comes with pre-set OAuth consumer configurations for a few popular OAuth providers. Flask-Dance also works with providers that aren’t in this list: see the Custom section at the bottom of the page. We also welcome pull requests to add new pre-set provider configurations to Flask-Dance!

Facebook

flask_dance.contrib.facebook.make_facebook_blueprint(client_id=None, client_secret=None, scope=None, redirect_url=None, redirect_to=None, login_url=None, authorized_url=None, session_class=None, backend=None)[source]

Make a blueprint for authenticating with Facebook using OAuth 2. This requires a client ID and client secret from Facebook. You should either pass them to this constructor, or make sure that your Flask application config defines them, using the variables FACEBOOK_OAUTH_CLIENT_ID and FACEBOOK_OAUTH_CLIENT_SECRET.

Parameters:
  • client_id (str) – The client ID for your application on Facebook.
  • client_secret (str) – The client secret for your application on Facebook
  • scope (str, optional) – comma-separated list of scopes for the OAuth token
  • redirect_url (str) – the URL to redirect to after the authentication dance is complete
  • redirect_to (str) – if redirect_url is not defined, the name of the view to redirect to after the authentication dance is complete. The actual URL will be determined by flask.url_for()
  • login_url (str, optional) – the URL path for the login view. Defaults to /facebook
  • authorized_url (str, optional) – the URL path for the authorized view. Defaults to /facebook/authorized.
  • session_class (class, optional) – The class to use for creating a Requests session. Defaults to OAuth2Session.
  • backend – A storage backend class, or an instance of a storage backend class, to use for this blueprint. Defaults to SessionBackend.
Return type:

OAuth2ConsumerBlueprint

Returns:

A blueprint to attach to your Flask app.

flask_dance.contrib.facebook.facebook

A LocalProxy to a requests.Session that already has the Facebook authentication token loaded (assuming that the user has authenticated with Facebook at some point in the past).

GitHub

flask_dance.contrib.github.make_github_blueprint(client_id=None, client_secret=None, scope=None, redirect_url=None, redirect_to=None, login_url=None, authorized_url=None, session_class=None, backend=None)[source]

Make a blueprint for authenticating with GitHub using OAuth 2. This requires a client ID and client secret from GitHub. You should either pass them to this constructor, or make sure that your Flask application config defines them, using the variables GITHUB_OAUTH_CLIENT_ID and GITHUB_OAUTH_CLIENT_SECRET.

Parameters:
  • client_id (str) – The client ID for your application on GitHub.
  • client_secret (str) – The client secret for your application on GitHub
  • scope (str, optional) – comma-separated list of scopes for the OAuth token
  • redirect_url (str) – the URL to redirect to after the authentication dance is complete
  • redirect_to (str) – if redirect_url is not defined, the name of the view to redirect to after the authentication dance is complete. The actual URL will be determined by flask.url_for()
  • login_url (str, optional) – the URL path for the login view. Defaults to /github
  • authorized_url (str, optional) – the URL path for the authorized view. Defaults to /github/authorized.
  • session_class (class, optional) – The class to use for creating a Requests session. Defaults to OAuth2Session.
  • backend – A storage backend class, or an instance of a storage backend class, to use for this blueprint. Defaults to SessionBackend.
Return type:

OAuth2ConsumerBlueprint

Returns:

A blueprint to attach to your Flask app.

flask_dance.contrib.github.github

A LocalProxy to a requests.Session that already has the GitHub authentication token loaded (assuming that the user has authenticated with GitHub at some point in the past).

GitLab

flask_dance.contrib.gitlab.make_gitlab_blueprint(client_id=None, client_secret=None, scope=None, redirect_url=None, redirect_to=None, login_url=None, authorized_url=None, session_class=None, backend=None, hostname='gitlab.com')[source]

Make a blueprint for authenticating with GitLab using OAuth 2. This requires a client ID and client secret from GitLab. You should either pass them to this constructor, or make sure that your Flask application config defines them, using the variables GITLAB_OAUTH_CLIENT_ID and GITLAB_OAUTH_CLIENT_SECRET.

Parameters:
  • client_id (str) – The client ID for your application on GitLab.
  • client_secret (str) – The client secret for your application on GitLab
  • scope (str, optional) – comma-separated list of scopes for the OAuth token
  • redirect_url (str) – the URL to redirect to after the authentication dance is complete
  • redirect_to (str) – if redirect_url is not defined, the name of the view to redirect to after the authentication dance is complete. The actual URL will be determined by flask.url_for()
  • login_url (str, optional) – the URL path for the login view. Defaults to /gitlab
  • authorized_url (str, optional) – the URL path for the authorized view. Defaults to /gitlab/authorized.
  • session_class (class, optional) – The class to use for creating a Requests session. Defaults to OAuth2Session.
  • backend – A storage backend class, or an instance of a storage backend class, to use for this blueprint. Defaults to SessionBackend.
  • hostname (str, optional) – If using a private instance of GitLab CE/EE, specify the hostname, default is gitlab.com
Return type:

OAuth2ConsumerBlueprint

Returns:

A blueprint to attach to your Flask app.

flask_dance.contrib.gitlab.gitlab

A LocalProxy to a requests.Session that already has the GitLab authentication token loaded (assuming that the user has authenticated with GitLab at some point in the past).

Google

flask_dance.contrib.google.make_google_blueprint(client_id=None, client_secret=None, scope=None, offline=False, reprompt_consent=False, redirect_url=None, redirect_to=None, login_url=None, authorized_url=None, session_class=None, backend=None)[source]

Make a blueprint for authenticating with Google using OAuth 2. This requires a client ID and client secret from Google. You should either pass them to this constructor, or make sure that your Flask application config defines them, using the variables GOOGLE_OAUTH_CLIENT_ID and GOOGLE_OAUTH_CLIENT_SECRET.

Parameters:
  • client_id (str) – The client ID for your application on Google
  • client_secret (str) – The client secret for your application on Google
  • scope (str, optional) – comma-separated list of scopes for the OAuth token. Defaults to the “profile” scope.
  • offline (bool) – Whether to request offline access for the OAuth token. Defaults to False
  • reprompt_consent (bool) – If True, force Google to re-prompt the user for their consent, even if the user has already given their consent. Defaults to False
  • redirect_url (str) – the URL to redirect to after the authentication dance is complete
  • redirect_to (str) – if redirect_url is not defined, the name of the view to redirect to after the authentication dance is complete. The actual URL will be determined by flask.url_for()
  • login_url (str, optional) – the URL path for the login view. Defaults to /google
  • authorized_url (str, optional) – the URL path for the authorized view. Defaults to /google/authorized.
  • session_class (class, optional) – The class to use for creating a Requests session. Defaults to OAuth2Session.
  • backend – A storage backend class, or an instance of a storage backend class, to use for this blueprint. Defaults to SessionBackend.
Return type:

OAuth2ConsumerBlueprint

Returns:

A blueprint to attach to your Flask app.

flask_dance.contrib.google.google

A LocalProxy to a requests.Session that already has the Google authentication token loaded (assuming that the user has authenticated with Google at some point in the past).

Twitter

flask_dance.contrib.twitter.make_twitter_blueprint(api_key=None, api_secret=None, redirect_url=None, redirect_to=None, login_url=None, authorized_url=None, session_class=None, backend=None)[source]

Make a blueprint for authenticating with Twitter using OAuth 1. This requires an API key and API secret from Twitter. You should either pass them to this constructor, or make sure that your Flask application config defines them, using the variables TWITTER_OAUTH_API_KEY and TWITTER_OAUTH_API_SECRET.

Parameters:
  • api_key (str) – The API key for your Twitter application
  • api_secret (str) – The API secret for your Twitter application
  • redirect_url (str) – the URL to redirect to after the authentication dance is complete
  • redirect_to (str) – if redirect_url is not defined, the name of the view to redirect to after the authentication dance is complete. The actual URL will be determined by flask.url_for()
  • login_url (str, optional) – the URL path for the login view. Defaults to /twitter
  • authorized_url (str, optional) – the URL path for the authorized view. Defaults to /twitter/authorized.
  • session_class (class, optional) – The class to use for creating a Requests session. Defaults to OAuth1Session.
  • backend – A storage backend class, or an instance of a storage backend class, to use for this blueprint. Defaults to SessionBackend.
Return type:

OAuth1ConsumerBlueprint

Returns:

A blueprint to attach to your Flask app.

flask_dance.contrib.twitter.twitter

A LocalProxy to a requests.Session that already has the Twitter authentication token loaded (assuming that the user has authenticated with Twitter at some point in the past).

JIRA

flask_dance.contrib.jira.make_jira_blueprint(base_url, consumer_key=None, rsa_key=None, redirect_url=None, redirect_to=None, login_url=None, authorized_url=None, session_class=None, backend=None)[source]

Make a blueprint for authenticating with JIRA using OAuth 1. This requires a consumer key and RSA key for the JIRA appication link. You should either pass them to this constructor, or make sure that your Flask application config defines them, using the variables JIRA_OAUTH_CONSUMER_KEY and JIRA_OAUTH_RSA_KEY.

Parameters:
  • base_url (str) – The base URL of your JIRA installation. For example, for Atlassian’s hosted Cloud JIRA, the base_url would be https://jira.atlassian.com
  • consumer_key (str) – The consumer key for your Application Link on JIRA
  • rsa_key (str or path) – The RSA private key for your Application Link on JIRA. This can be the contents of the key as a string, or a path to the key file on disk.
  • redirect_url (str) – the URL to redirect to after the authentication dance is complete
  • redirect_to (str) – if redirect_url is not defined, the name of the view to redirect to after the authentication dance is complete. The actual URL will be determined by flask.url_for()
  • login_url (str, optional) – the URL path for the login view. Defaults to /jira
  • authorized_url (str, optional) – the URL path for the authorized view. Defaults to /jira/authorized.
  • session_class (class, optional) – The class to use for creating a Requests session. Defaults to JsonOAuth1Session.
  • backend – A storage backend class, or an instance of a storage backend class, to use for this blueprint. Defaults to SessionBackend.
Return type:

OAuth1ConsumerBlueprint

Returns:

A blueprint to attach to your Flask app.

flask_dance.contrib.jira.jira

A LocalProxy to a requests.Session that already has the JIRA authentication token loaded (assuming that the user has authenticated with JIRA at some point in the past).

Dropbox

flask_dance.contrib.dropbox.make_dropbox_blueprint(app_key=None, app_secret=None, scope=None, force_reapprove=False, disable_signup=False, require_role=None, redirect_url=None, redirect_to=None, login_url=None, authorized_url=None, session_class=None, backend=None)[source]

Make a blueprint for authenticating with Dropbox using OAuth 2. This requires a client ID and client secret from Dropbox. You should either pass them to this constructor, or make sure that your Flask application config defines them, using the variables DROPBOX_OAUTH_APP_KEY and DROPBOX_OAUTH_APP_SECRET.

For more information about the force_reapprove, disable_signup, and require_role arguments, check the Dropbox API documentation.

Parameters:
  • app_key (str) – The client ID for your application on Dropbox.
  • app_secret (str) – The client secret for your application on Dropbox
  • scope (str, optional) – Comma-separated list of scopes for the OAuth token
  • force_reapprove (bool) – Force the user to approve the app again if they’ve already done so.
  • disable_signup (bool) – Prevent users from seeing a sign-up link on the authorization page.
  • require_role (str) – Pass the string work to require a Dropbox for Business account, or the string personal to require a personal account.
  • redirect_url (str) – the URL to redirect to after the authentication dance is complete
  • redirect_to (str) – if redirect_url is not defined, the name of the view to redirect to after the authentication dance is complete. The actual URL will be determined by flask.url_for()
  • login_url (str, optional) – the URL path for the login view. Defaults to /dropbox
  • authorized_url (str, optional) – the URL path for the authorized view. Defaults to /dropbox/authorized.
  • session_class (class, optional) – The class to use for creating a Requests session. Defaults to OAuth2Session.
  • backend – A storage backend class, or an instance of a storage backend class, to use for this blueprint. Defaults to SessionBackend.
Return type:

OAuth2ConsumerBlueprint

Returns:

A blueprint to attach to your Flask app.

flask_dance.contrib.dropbox.dropbox

A LocalProxy to a requests.Session that already has the Dropbox authentication token loaded (assuming that the user has authenticated with Dropbox at some point in the past).

Meetup

flask_dance.contrib.meetup.make_meetup_blueprint(key=None, secret=None, scope=None, redirect_url=None, redirect_to=None, login_url=None, authorized_url=None, session_class=None, backend=None)[source]

Make a blueprint for authenticating with Meetup using OAuth 2. This requires an OAuth consumer from Meetup. You should either pass the key and secret to this constructor, or make sure that your Flask application config defines them, using the variables MEETUP_OAUTH_KEY and MEETUP_OAUTH_SECRET.

Parameters:
  • key (str) – The OAuth consumer key for your application on Meetup
  • secret (str) – The OAuth consumer secret for your application on Meetup
  • scope (str, optional) – comma-separated list of scopes for the OAuth token
  • redirect_url (str) – the URL to redirect to after the authentication dance is complete
  • redirect_to (str) – if redirect_url is not defined, the name of the view to redirect to after the authentication dance is complete. The actual URL will be determined by flask.url_for()
  • login_url (str, optional) – the URL path for the login view. Defaults to /meetup
  • authorized_url (str, optional) – the URL path for the authorized view. Defaults to /meetup/authorized.
  • session_class (class, optional) – The class to use for creating a Requests session. Defaults to OAuth2Session.
  • backend – A storage backend class, or an instance of a storage backend class, to use for this blueprint. Defaults to SessionBackend.
Return type:

OAuth2ConsumerBlueprint

Returns:

A blueprint to attach to your Flask app.

flask_dance.contrib.meetup.meetup

A LocalProxy to a requests.Session that already has the Meetup authentication token loaded (assuming that the user has authenticated with Meetup at some point in the past).

Slack

flask_dance.contrib.slack.make_slack_blueprint(client_id=None, client_secret=None, scope=None, redirect_url=None, redirect_to=None, login_url=None, authorized_url=None, session_class=None, backend=None)[source]

Make a blueprint for authenticating with Slack using OAuth 2. This requires a client ID and client secret from Slack. You should either pass them to this constructor, or make sure that your Flask application config defines them, using the variables SLACK_OAUTH_CLIENT_ID and SLACK_OAUTH_CLIENT_SECRET.

Parameters:
  • client_id (str) – The client ID for your application on Slack.
  • client_secret (str) – The client secret for your application on Slack
  • scope (str, optional) – comma-separated list of scopes for the OAuth token
  • redirect_url (str) – the URL to redirect to after the authentication dance is complete
  • redirect_to (str) – if redirect_url is not defined, the name of the view to redirect to after the authentication dance is complete. The actual URL will be determined by flask.url_for()
  • login_url (str, optional) – the URL path for the login view. Defaults to /slack
  • authorized_url (str, optional) – the URL path for the authorized view. Defaults to /slack/authorized.
  • session_class (class, optional) – The class to use for creating a Requests session. Defaults to OAuth2Session.
  • backend – A storage backend class, or an instance of a storage backend class, to use for this blueprint. Defaults to SessionBackend.
Return type:

OAuth2ConsumerBlueprint

Returns:

A blueprint to attach to your Flask app.

flask_dance.contrib.slack.slack

A LocalProxy to a requests.Session that already has the Slack authentication token loaded (assuming that the user has authenticated with Slack at some point in the past).

Azure

flask_dance.contrib.azure.make_azure_blueprint(client_id=None, client_secret=None, scope=None, redirect_url=None, redirect_to=None, login_url=None, authorized_url=None, session_class=None, backend=None)[source]

Make a blueprint for authenticating with Azure AD using OAuth 2. This requires a client ID and client secret from Azure AD. You should either pass them to this constructor, or make sure that your Flask application config defines them, using the variables AZURE_OAUTH_CLIENT_ID and AZURE_OAUTH_CLIENT_SECRET.

Parameters:
  • client_id (str) – The client ID for your application on Azure AD.
  • client_secret (str) – The client secret for your application on Azure AD
  • scope (str, optional) – comma-separated list of scopes for the OAuth token
  • redirect_url (str) – the URL to redirect to after the authentication dance is complete
  • redirect_to (str) – if redirect_url is not defined, the name of the view to redirect to after the authentication dance is complete. The actual URL will be determined by flask.url_for()
  • login_url (str, optional) – the URL path for the login view. Defaults to /azure
  • authorized_url (str, optional) – the URL path for the authorized view. Defaults to /azure/authorized.
  • session_class (class, optional) – The class to use for creating a Requests session. Defaults to OAuth2Session.
  • backend – A storage backend class, or an instance of a storage backend class, to use for this blueprint. Defaults to SessionBackend.
Return type:

OAuth2ConsumerBlueprint

Returns:

A blueprint to attach to your Flask app.

flask_dance.contrib.azure.azure

A LocalProxy to a requests.Session that already has the Azure AD authentication token loaded (assuming that the user has authenticated with Azure AD at some point in the past).

Nylas

flask_dance.contrib.nylas.make_nylas_blueprint(client_id=None, client_secret=None, scope='email', redirect_url=None, redirect_to=None, login_url=None, authorized_url=None, session_class=None, backend=None)[source]

Make a blueprint for authenticating with Nylas using OAuth 2. This requires an API ID and API secret from Nylas. You should either pass them to this constructor, or make sure that your Flask application config defines them, using the variables NYLAS_OAUTH_CLIENT_KEY and NYLAS_OAUTH_CLIENT_SECRET.

Parameters:
  • client_id (str) – The client ID for your developer account on Nylas.
  • client_secret (str) – The client secret for your developer account on Nylas.
  • scope (str, optional) – comma-separated list of scopes for the OAuth token. Defaults to “email”.
  • redirect_url (str) – the URL to redirect to after the authentication dance is complete
  • redirect_to (str) – if redirect_url is not defined, the name of the view to redirect to after the authentication dance is complete. The actual URL will be determined by flask.url_for()
  • login_url (str, optional) – the URL path for the login view. Defaults to /nylas
  • authorized_url (str, optional) – the URL path for the authorized view. Defaults to /nylas/authorized.
  • session_class (class, optional) – The class to use for creating a Requests session. Defaults to OAuth2Session.
  • backend – A storage backend class, or an instance of a storage backend class, to use for this blueprint. Defaults to SessionBackend.
Return type:

OAuth2ConsumerBlueprint

Returns:

A blueprint to attach to your Flask app.

flask_dance.contrib.nylas.nylas

A LocalProxy to a requests.Session that already has the Nylas authentication token loaded (assuming that the user has authenticated with Nylas at some point in the past).

Spotify

flask_dance.contrib.spotify.make_spotify_blueprint(client_id=None, client_secret=None, scope=None, redirect_url=None, redirect_to=None, login_url=None, authorized_url=None, session_class=None, backend=None)[source]

Make a blueprint for authenticating with Spotify using OAuth 2. This requires a client ID and client secret from Spotify. You should either pass them to this constructor, or make sure that your Flask application config defines them, using the variables SPOTIFY_OAUTH_CLIENT_ID and SPOTIFY_OAUTH_CLIENT_SECRET.

Parameters:
  • client_id (str) – The client ID for your application on Spotify.
  • client_secret (str) – The client secret for your application on Spotify
  • scope (str, optional) – comma-separated list of scopes for the OAuth token
  • redirect_url (str) – the URL to redirect to after the authentication dance is complete
  • redirect_to (str) – if redirect_url is not defined, the name of the view to redirect to after the authentication dance is complete. The actual URL will be determined by flask.url_for()
  • login_url (str, optional) – the URL path for the login view. Defaults to /spotify
  • authorized_url (str, optional) – the URL path for the authorized view. Defaults to /spotify/authorized.
  • session_class (class, optional) – The class to use for creating a Requests session. Defaults to OAuth2Session.
  • backend – A storage backend class, or an instance of a storage backend class, to use for this blueprint. Defaults to SessionBackend.
Return type:

OAuth2ConsumerBlueprint

Returns:

A blueprint to attach to your Flask app.

flask_dance.contrib.spotify.spotify

A LocalProxy to a requests.Session that already has the Spotify authentication token loaded (assuming that the user has authenticated with Spotify at some point in the past).

Discord

flask_dance.contrib.discord.make_discord_blueprint(client_id=None, client_secret=None, scope=None, redirect_url=None, redirect_to=None, login_url=None, authorized_url=None, session_class=None, backend=None)[source]

Make a blueprint for authenticating with Discord using OAuth 2. This requires a client ID and client secret from Discord. You should either pass them to this constructor, or make sure that your Flask application config defines them, using the variables DISCORD_OAUTH_CLIENT_ID and DISCORD_OAUTH_CLIENT_SECRET.

Parameters:
  • client_id (str) – The client ID for your application on Discord.
  • client_secret (str) – The client secret for your application on Discord
  • scope (list, optional) – list of scopes (str) for the OAuth token
  • redirect_url (str) – the URL to redirect to after the authentication dance is complete
  • redirect_to (str) – if redirect_url is not defined, the name of the view to redirect to after the authentication dance is complete. The actual URL will be determined by flask.url_for()
  • login_url (str, optional) – the URL path for the login view. Defaults to /discord
  • authorized_url (str, optional) – the URL path for the authorized view. Defaults to /discord/authorized.
  • session_class (class, optional) – The class to use for creating a Requests session. Defaults to OAuth2Session.
  • backend – A storage backend class, or an instance of a storage backend class, to use for this blueprint. Defaults to SessionBackend.
Return type:

OAuth2ConsumerBlueprint

Returns:

A blueprint to attach to your Flask app.

flask_dance.contrib.discord.discord

A LocalProxy to a requests.Session that already has the Discord authentication token loaded (assuming that the user has authenticated with Discord at some point in the past).

Custom

Flask-Dance allows you to build authentication blueprints for any OAuth provider, not just the ones listed above. For example, let’s create a blueprint for a fictional OAuth provider called oauth-example.com. We check the documentation for oauth-example.com, and discover that they’re using OAuth 2, the access token URL is https://oauth-example.com/login/access_token, and the authorization URL is https://oauth-example.com/login/authorize. We could then build the blueprint like this:

from flask import Flask
from flask_dance.consumer import OAuth2ConsumerBlueprint

app = Flask(__name__)
example_blueprint = OAuth2ConsumerBlueprint(
    "oauth-example", __name__,
    client_id="my-key-here",
    client_secret="my-secret-here",
    base_url="https://oauth-example.com",
    token_url="https://oauth-example.com/login/access_token",
    authorization_url="https://oauth-example.com/login/authorize",
)
app.register_blueprint(example_blueprint, url_prefix="/login")

Now, in your page template, you can do something like:

<a href="{{ url_for("oauth-example.login") }}">Login with OAuth Example</a>

And in your views, you can make authenticated requests using the session attribute on the blueprint:

resp = example_blueprint.session.get("/user")
assert resp.ok
print("Here's the content of my response: " + resp.content)

It all follows the same patterns as the Quickstarts. You can also read the code to see how the pre-set configurations are implemented – it’s very short.