Providers

Flask-Dance comes with pre-set OAuth consumer configurations for a few popular OAuth providers. Flask-Dance also works with providers that aren’t in this list: see the Custom section at the bottom of the page. We also welcome pull requests to add new pre-set provider configurations to Flask-Dance!

Authentiq

flask_dance.contrib.authentiq.make_authentiq_blueprint(client_id=None, client_secret=None, scope='openid profile', redirect_url=None, redirect_to=None, login_url=None, authorized_url=None, session_class=None, storage=None, hostname='connect.authentiq.io')[source]

Make a blueprint for authenticating with authentiq using OAuth 2. This requires a client ID and client secret from authentiq. You should either pass them to this constructor, or make sure that your Flask application config defines them, using the variables AUTHENTIQ_OAUTH_CLIENT_ID and AUTHENTIQ_OAUTH_CLIENT_SECRET.

Parameters:
  • client_id (str) – The client ID for your application on Authentiq.
  • client_secret (str) – The client secret for your application on Authentiq.
  • scope (str, optional) – comma-separated list of scopes for the OAuth token.
  • redirect_url (str) – the URL to redirect to after the authentication dance is complete.
  • redirect_to (str) – if redirect_url is not defined, the name of the view to redirect to after the authentication dance is complete. The actual URL will be determined by flask.url_for().
  • login_url (str, optional) – the URL path for the login view. Defaults to /authentiq.
  • authorized_url (str, optional) – the URL path for the authorized view. Defaults to /authentiq/authorized.
  • session_class (class, optional) – The class to use for creating a Requests session. Defaults to OAuth2Session.
  • storage – A token storage class, or an instance of a token storage class, to use for this blueprint. Defaults to SessionStorage.
  • hostname (str, optional) – If using a private instance of authentiq CE/EE, specify the hostname, default is connect.authentiq.io
Return type:

OAuth2ConsumerBlueprint

Returns:

A blueprint to attach to your Flask app.

flask_dance.contrib.authentiq.authentiq

A LocalProxy to a requests.Session that already has the Authentiq Connect authentication token loaded (assuming that the user has authenticated with Authentiq at some point in the past).

Azure

flask_dance.contrib.azure.make_azure_blueprint(client_id=None, client_secret=None, scope=None, redirect_url=None, redirect_to=None, login_url=None, authorized_url=None, session_class=None, storage=None, tenant='common')[source]

Make a blueprint for authenticating with Azure AD using OAuth 2. This requires a client ID and client secret from Azure AD. You should either pass them to this constructor, or make sure that your Flask application config defines them, using the variables AZURE_OAUTH_CLIENT_ID and AZURE_OAUTH_CLIENT_SECRET.

Parameters:
  • client_id (str) – The client ID for your application on Azure AD.
  • client_secret (str) – The client secret for your application on Azure AD
  • scope (str, optional) – comma-separated list of scopes for the OAuth token
  • redirect_url (str) – the URL to redirect to after the authentication dance is complete
  • redirect_to (str) – if redirect_url is not defined, the name of the view to redirect to after the authentication dance is complete. The actual URL will be determined by flask.url_for()
  • login_url (str, optional) – the URL path for the login view. Defaults to /azure
  • authorized_url (str, optional) – the URL path for the authorized view. Defaults to /azure/authorized.
  • session_class (class, optional) – The class to use for creating a Requests session. Defaults to OAuth2Session.
  • storage – A token storage class, or an instance of a token storage class, to use for this blueprint. Defaults to SessionStorage.
  • tenant – Determine which accounts are allowed to authenticate with Azure. See the Azure documentation for more information about this parameter. Defaults to common.
Return type:

OAuth2ConsumerBlueprint

Returns:

A blueprint to attach to your Flask app.

flask_dance.contrib.azure.azure

A LocalProxy to a requests.Session that already has the Azure AD authentication token loaded (assuming that the user has authenticated with Azure AD at some point in the past).

Discord

flask_dance.contrib.discord.make_discord_blueprint(client_id=None, client_secret=None, scope=None, redirect_url=None, redirect_to=None, login_url=None, authorized_url=None, session_class=None, storage=None)[source]

Make a blueprint for authenticating with Discord using OAuth 2. This requires a client ID and client secret from Discord. You should either pass them to this constructor, or make sure that your Flask application config defines them, using the variables DISCORD_OAUTH_CLIENT_ID and DISCORD_OAUTH_CLIENT_SECRET.

Parameters:
  • client_id (str) – The client ID for your application on Discord.
  • client_secret (str) – The client secret for your application on Discord
  • scope (list, optional) – list of scopes (str) for the OAuth token
  • redirect_url (str) – the URL to redirect to after the authentication dance is complete
  • redirect_to (str) – if redirect_url is not defined, the name of the view to redirect to after the authentication dance is complete. The actual URL will be determined by flask.url_for()
  • login_url (str, optional) – the URL path for the login view. Defaults to /discord
  • authorized_url (str, optional) – the URL path for the authorized view. Defaults to /discord/authorized.
  • session_class (class, optional) – The class to use for creating a Requests session. Defaults to OAuth2Session.
  • storage – A token storage class, or an instance of a token storage class, to use for this blueprint. Defaults to SessionStorage.
Return type:

OAuth2ConsumerBlueprint

Returns:

A blueprint to attach to your Flask app.

flask_dance.contrib.discord.discord

A LocalProxy to a requests.Session that already has the Discord authentication token loaded (assuming that the user has authenticated with Discord at some point in the past).

Dropbox

flask_dance.contrib.dropbox.make_dropbox_blueprint(app_key=None, app_secret=None, scope=None, force_reapprove=False, disable_signup=False, require_role=None, redirect_url=None, redirect_to=None, login_url=None, authorized_url=None, session_class=None, storage=None)[source]

Make a blueprint for authenticating with Dropbox using OAuth 2. This requires a client ID and client secret from Dropbox. You should either pass them to this constructor, or make sure that your Flask application config defines them, using the variables DROPBOX_OAUTH_CLIENT_ID and DROPBOX_OAUTH_CLIENT_SECRET.

For more information about the force_reapprove, disable_signup, and require_role arguments, check the Dropbox API documentation.

Parameters:
  • app_key (str) – The client ID for your application on Dropbox.
  • app_secret (str) – The client secret for your application on Dropbox
  • scope (str, optional) – Comma-separated list of scopes for the OAuth token
  • force_reapprove (bool) – Force the user to approve the app again if they’ve already done so.
  • disable_signup (bool) – Prevent users from seeing a sign-up link on the authorization page.
  • require_role (str) – Pass the string work to require a Dropbox for Business account, or the string personal to require a personal account.
  • redirect_url (str) – the URL to redirect to after the authentication dance is complete
  • redirect_to (str) – if redirect_url is not defined, the name of the view to redirect to after the authentication dance is complete. The actual URL will be determined by flask.url_for()
  • login_url (str, optional) – the URL path for the login view. Defaults to /dropbox
  • authorized_url (str, optional) – the URL path for the authorized view. Defaults to /dropbox/authorized.
  • session_class (class, optional) – The class to use for creating a Requests session. Defaults to OAuth2Session.
  • storage – A token storage class, or an instance of a token storage class, to use for this blueprint. Defaults to SessionStorage.
Return type:

OAuth2ConsumerBlueprint

Returns:

A blueprint to attach to your Flask app.

flask_dance.contrib.dropbox.dropbox

A LocalProxy to a requests.Session that already has the Dropbox authentication token loaded (assuming that the user has authenticated with Dropbox at some point in the past).

Facebook

flask_dance.contrib.facebook.make_facebook_blueprint(client_id=None, client_secret=None, scope=None, redirect_url=None, redirect_to=None, login_url=None, authorized_url=None, rerequest_declined_permissions=False, session_class=None, storage=None)[source]

Make a blueprint for authenticating with Facebook using OAuth 2. This requires a client ID and client secret from Facebook. You should either pass them to this constructor, or make sure that your Flask application config defines them, using the variables FACEBOOK_OAUTH_CLIENT_ID and FACEBOOK_OAUTH_CLIENT_SECRET.

Parameters:
  • client_id (str) – The client ID for your application on Facebook.
  • client_secret (str) – The client secret for your application on Facebook
  • scope (str, optional) – comma-separated list of scopes for the OAuth token
  • redirect_url (str) – the URL to redirect to after the authentication dance is complete
  • redirect_to (str) – if redirect_url is not defined, the name of the view to redirect to after the authentication dance is complete. The actual URL will be determined by flask.url_for()
  • login_url (str, optional) – the URL path for the login view. Defaults to /facebook
  • authorized_url (str, optional) – the URL path for the authorized view. Defaults to /facebook/authorized.
  • rerequest_declined_permissions (bool, optional) – should the blueprint ask again for declined permissions. Defaults to False
  • session_class (class, optional) – The class to use for creating a Requests session. Defaults to OAuth2Session.
  • storage – A token storage class, or an instance of a token storage class, to use for this blueprint. Defaults to SessionStorage.
Return type:

OAuth2ConsumerBlueprint

Returns:

A blueprint to attach to your Flask app.

flask_dance.contrib.facebook.facebook

A LocalProxy to a requests.Session that already has the Facebook authentication token loaded (assuming that the user has authenticated with Facebook at some point in the past).

GitHub

flask_dance.contrib.github.make_github_blueprint(client_id=None, client_secret=None, scope=None, redirect_url=None, redirect_to=None, login_url=None, authorized_url=None, session_class=None, storage=None)[source]

Make a blueprint for authenticating with GitHub using OAuth 2. This requires a client ID and client secret from GitHub. You should either pass them to this constructor, or make sure that your Flask application config defines them, using the variables GITHUB_OAUTH_CLIENT_ID and GITHUB_OAUTH_CLIENT_SECRET.

Parameters:
  • client_id (str) – The client ID for your application on GitHub.
  • client_secret (str) – The client secret for your application on GitHub
  • scope (str, optional) – comma-separated list of scopes for the OAuth token
  • redirect_url (str) – the URL to redirect to after the authentication dance is complete
  • redirect_to (str) – if redirect_url is not defined, the name of the view to redirect to after the authentication dance is complete. The actual URL will be determined by flask.url_for()
  • login_url (str, optional) – the URL path for the login view. Defaults to /github
  • authorized_url (str, optional) – the URL path for the authorized view. Defaults to /github/authorized.
  • session_class (class, optional) – The class to use for creating a Requests session. Defaults to OAuth2Session.
  • storage – A token storage class, or an instance of a token storage class, to use for this blueprint. Defaults to SessionStorage.
Return type:

OAuth2ConsumerBlueprint

Returns:

A blueprint to attach to your Flask app.

flask_dance.contrib.github.github

A LocalProxy to a requests.Session that already has the GitHub authentication token loaded (assuming that the user has authenticated with GitHub at some point in the past).

GitLab

flask_dance.contrib.gitlab.make_gitlab_blueprint(client_id=None, client_secret=None, scope=None, redirect_url=None, redirect_to=None, login_url=None, authorized_url=None, session_class=None, storage=None, hostname='gitlab.com')[source]

Make a blueprint for authenticating with GitLab using OAuth 2. This requires a client ID and client secret from GitLab. You should either pass them to this constructor, or make sure that your Flask application config defines them, using the variables GITLAB_OAUTH_CLIENT_ID and GITLAB_OAUTH_CLIENT_SECRET.

Parameters:
  • client_id (str) – The client ID for your application on GitLab.
  • client_secret (str) – The client secret for your application on GitLab
  • scope (str, optional) – comma-separated list of scopes for the OAuth token
  • redirect_url (str) – the URL to redirect to after the authentication dance is complete
  • redirect_to (str) – if redirect_url is not defined, the name of the view to redirect to after the authentication dance is complete. The actual URL will be determined by flask.url_for()
  • login_url (str, optional) – the URL path for the login view. Defaults to /gitlab
  • authorized_url (str, optional) – the URL path for the authorized view. Defaults to /gitlab/authorized.
  • session_class (class, optional) – The class to use for creating a Requests session. Defaults to OAuth2Session.
  • storage – A token storage class, or an instance of a token storage class, to use for this blueprint. Defaults to SessionStorage.
  • hostname (str, optional) – If using a private instance of GitLab CE/EE, specify the hostname, default is gitlab.com
Return type:

OAuth2ConsumerBlueprint

Returns:

A blueprint to attach to your Flask app.

flask_dance.contrib.gitlab.gitlab

A LocalProxy to a requests.Session that already has the GitLab authentication token loaded (assuming that the user has authenticated with GitLab at some point in the past).

Google

flask_dance.contrib.google.make_google_blueprint(client_id=None, client_secret=None, scope=None, offline=False, reprompt_consent=False, reprompt_select_account=False, redirect_url=None, redirect_to=None, login_url=None, authorized_url=None, session_class=None, storage=None, hosted_domain=None)[source]

Make a blueprint for authenticating with Google using OAuth 2. This requires a client ID and client secret from Google. You should either pass them to this constructor, or make sure that your Flask application config defines them, using the variables GOOGLE_OAUTH_CLIENT_ID and GOOGLE_OAUTH_CLIENT_SECRET.

Parameters:
  • client_id (str) – The client ID for your application on Google
  • client_secret (str) – The client secret for your application on Google
  • scope (str, optional) – comma-separated list of scopes for the OAuth token. Defaults to the “https://www.googleapis.com/auth/userinfo.profile” scope.
  • offline (bool) – Whether to request offline access for the OAuth token. Defaults to False
  • reprompt_consent (bool) – If True, force Google to re-prompt the user for their consent, even if the user has already given their consent. Defaults to False
  • reprompt_select_account (bool) – If True, force Google to re-prompt the select account page, even if there is a single logged-in user. Defaults to False
  • redirect_url (str) – the URL to redirect to after the authentication dance is complete
  • redirect_to (str) – if redirect_url is not defined, the name of the view to redirect to after the authentication dance is complete. The actual URL will be determined by flask.url_for()
  • login_url (str, optional) – the URL path for the login view. Defaults to /google
  • authorized_url (str, optional) – the URL path for the authorized view. Defaults to /google/authorized.
  • session_class (class, optional) – The class to use for creating a Requests session. Defaults to OAuth2Session.
  • storage – A token storage class, or an instance of a token storage class, to use for this blueprint. Defaults to SessionStorage.
  • hosted_domain (str, optional) – The domain of the G Suite user. Used to indicate that the account selection UI should be optimized for accounts at this domain. Note that this only provides UI optimization, and requires response validation (see warning).

Warning

The hosted_domain argument only provides UI optimization. Don’t rely on this argument to control who can access your application. You must verify that the hd claim of the response ID token matches the hosted_domain argument passed to make_google_blueprint.

Return type:OAuth2ConsumerBlueprint
Returns:A blueprint to attach to your Flask app.
flask_dance.contrib.google.google

A LocalProxy to a requests.Session that already has the Google authentication token loaded (assuming that the user has authenticated with Google at some point in the past).

Heroku

flask_dance.contrib.heroku.make_heroku_blueprint(client_id=None, client_secret=None, scope=None, api_version='3', redirect_url=None, redirect_to=None, login_url=None, authorized_url=None, session_class=None, storage=None)[source]

Make a blueprint for authenticating with Heroku using OAuth 2. This requires a client ID and client secret from Heroku. You should either pass them to this constructor, or make sure that your Flask application config defines them, using the variables HEROKU_OAUTH_CLIENT_ID and HEROKU_OAUTH_CLIENT_SECRET.

Parameters:
  • client_id (str) – The client ID for your application on Heroku.
  • client_secret (str) – The client secret for your application on Heroku
  • scope (str, optional) – comma-separated list of scopes for the OAuth token
  • api_version (str) – The version number of the Heroku API you want to use. Defaults to version 3.
  • redirect_url (str) – the URL to redirect to after the authentication dance is complete
  • redirect_to (str) – if redirect_url is not defined, the name of the view to redirect to after the authentication dance is complete. The actual URL will be determined by flask.url_for()
  • login_url (str, optional) – the URL path for the login view. Defaults to /heroku
  • authorized_url (str, optional) – the URL path for the authorized view. Defaults to /heroku/authorized.
  • session_class (class, optional) – The class to use for creating a Requests session. Defaults to HerokuOAuth2Session.
  • storage – A token storage class, or an instance of a token storage class, to use for this blueprint. Defaults to SessionStorage.
Return type:

OAuth2ConsumerBlueprint

Returns:

A blueprint to attach to your Flask app.

flask_dance.contrib.heroku.heroku

A LocalProxy to a requests.Session that already has the Heroku authentication token loaded (assuming that the user has authenticated with Heroku at some point in the past).

JIRA

flask_dance.contrib.jira.make_jira_blueprint(base_url, consumer_key=None, rsa_key=None, redirect_url=None, redirect_to=None, login_url=None, authorized_url=None, session_class=None, storage=None)[source]

Make a blueprint for authenticating with JIRA using OAuth 1. This requires a consumer key and RSA key for the JIRA application link. You should either pass them to this constructor, or make sure that your Flask application config defines them, using the variables JIRA_OAUTH_CONSUMER_KEY and JIRA_OAUTH_RSA_KEY.

Parameters:
  • base_url (str) – The base URL of your JIRA installation. For example, for Atlassian’s hosted Cloud JIRA, the base_url would be https://jira.atlassian.com
  • consumer_key (str) – The consumer key for your Application Link on JIRA
  • rsa_key (str or path) – The RSA private key for your Application Link on JIRA. This can be the contents of the key as a string, or a path to the key file on disk.
  • redirect_url (str) – the URL to redirect to after the authentication dance is complete
  • redirect_to (str) – if redirect_url is not defined, the name of the view to redirect to after the authentication dance is complete. The actual URL will be determined by flask.url_for()
  • login_url (str, optional) – the URL path for the login view. Defaults to /jira
  • authorized_url (str, optional) – the URL path for the authorized view. Defaults to /jira/authorized.
  • session_class (class, optional) – The class to use for creating a Requests session. Defaults to JsonOAuth1Session.
  • storage – A token storage class, or an instance of a token storage class, to use for this blueprint. Defaults to SessionStorage.
Return type:

OAuth1ConsumerBlueprint

Returns:

A blueprint to attach to your Flask app.

flask_dance.contrib.jira.jira

A LocalProxy to a requests.Session that already has the JIRA authentication token loaded (assuming that the user has authenticated with JIRA at some point in the past).

LinkedIn

flask_dance.contrib.linkedin.make_linkedin_blueprint(client_id=None, client_secret=None, scope=None, redirect_url=None, redirect_to=None, login_url=None, authorized_url=None, session_class=None, storage=None)[source]

Make a blueprint for authenticating with LinkedIn using OAuth 2. This requires a client ID and client secret from LinkedIn. You should either pass them to this constructor, or make sure that your Flask application config defines them, using the variables LINKEDIN_OAUTH_CLIENT_ID and LINKEDIN_OAUTH_CLIENT_SECRET.

Parameters:
  • client_id (str) – The client ID for your application on LinkedIn.
  • client_secret (str) – The client secret for your application on LinkedIn
  • scope (str, optional) – comma-separated list of scopes for the OAuth token
  • redirect_url (str) – the URL to redirect to after the authentication dance is complete
  • redirect_to (str) – if redirect_url is not defined, the name of the view to redirect to after the authentication dance is complete. The actual URL will be determined by flask.url_for()
  • login_url (str, optional) – the URL path for the login view. Defaults to /linkedin
  • authorized_url (str, optional) – the URL path for the authorized view. Defaults to /linkedin/authorized.
  • session_class (class, optional) – The class to use for creating a Requests session. Defaults to OAuth2Session.
  • storage – A token storage class, or an instance of a token storage class, to use for this blueprint. Defaults to SessionStorage.
Return type:

OAuth2ConsumerBlueprint

Returns:

A blueprint to attach to your Flask app.

flask_dance.contrib.linkedin.linkedin

A LocalProxy to a requests.Session that already has the LinkedIn authentication token loaded (assuming that the user has authenticated with LinkedIn at some point in the past).

Meetup

flask_dance.contrib.meetup.make_meetup_blueprint(key=None, secret=None, scope=None, redirect_url=None, redirect_to=None, login_url=None, authorized_url=None, session_class=None, storage=None)[source]

Make a blueprint for authenticating with Meetup using OAuth 2. This requires an OAuth consumer from Meetup. You should either pass the key and secret to this constructor, or make sure that your Flask application config defines them, using the variables MEETUP_OAUTH_CLIENT_ID and MEETUP_OAUTH_CLIENT_SECRET.

Parameters:
  • key (str) – The OAuth consumer key for your application on Meetup
  • secret (str) – The OAuth consumer secret for your application on Meetup
  • scope (str, optional) – comma-separated list of scopes for the OAuth token
  • redirect_url (str) – the URL to redirect to after the authentication dance is complete
  • redirect_to (str) – if redirect_url is not defined, the name of the view to redirect to after the authentication dance is complete. The actual URL will be determined by flask.url_for()
  • login_url (str, optional) – the URL path for the login view. Defaults to /meetup
  • authorized_url (str, optional) – the URL path for the authorized view. Defaults to /meetup/authorized.
  • session_class (class, optional) – The class to use for creating a Requests session. Defaults to OAuth2Session.
  • storage – A token storage class, or an instance of a token storage class, to use for this blueprint. Defaults to SessionStorage.
Return type:

OAuth2ConsumerBlueprint

Returns:

A blueprint to attach to your Flask app.

flask_dance.contrib.meetup.meetup

A LocalProxy to a requests.Session that already has the Meetup authentication token loaded (assuming that the user has authenticated with Meetup at some point in the past).

Nylas

flask_dance.contrib.nylas.make_nylas_blueprint(client_id=None, client_secret=None, scope='email', redirect_url=None, redirect_to=None, login_url=None, authorized_url=None, session_class=None, storage=None)[source]

Make a blueprint for authenticating with Nylas using OAuth 2. This requires an API ID and API secret from Nylas. You should either pass them to this constructor, or make sure that your Flask application config defines them, using the variables NYLAS_OAUTH_CLIENT_ID and NYLAS_OAUTH_CLIENT_SECRET.

Parameters:
  • client_id (str) – The client ID for your developer account on Nylas.
  • client_secret (str) – The client secret for your developer account on Nylas.
  • scope (str, optional) – comma-separated list of scopes for the OAuth token. Defaults to “email”.
  • redirect_url (str) – the URL to redirect to after the authentication dance is complete
  • redirect_to (str) – if redirect_url is not defined, the name of the view to redirect to after the authentication dance is complete. The actual URL will be determined by flask.url_for()
  • login_url (str, optional) – the URL path for the login view. Defaults to /nylas
  • authorized_url (str, optional) – the URL path for the authorized view. Defaults to /nylas/authorized.
  • session_class (class, optional) – The class to use for creating a Requests session. Defaults to OAuth2Session.
  • storage – A token storage class, or an instance of a token storage class, to use for this blueprint. Defaults to SessionStorage.
Return type:

OAuth2ConsumerBlueprint

Returns:

A blueprint to attach to your Flask app.

flask_dance.contrib.nylas.nylas

A LocalProxy to a requests.Session that already has the Nylas authentication token loaded (assuming that the user has authenticated with Nylas at some point in the past).

Reddit

flask_dance.contrib.reddit.make_reddit_blueprint(client_id=None, client_secret=None, scope='identity', permanent=False, redirect_url=None, redirect_to=None, login_url=None, authorized_url=None, session_class=None, storage=None, user_agent=None)[source]

Make a blueprint for authenticating with Reddit using OAuth 2. This requires a client ID and client secret from Reddit. You should either pass them to this constructor, or make sure that your Flask application config defines them, using the variables REDDIT_OAUTH_CLIENT_ID and REDDIT_OAUTH_CLIENT_SECRET.

Parameters:
  • client_id (str) – The client ID for your application on Reddit.
  • client_secret (str) – The client secret for your application on Reddit
  • scope (str, optional) – space-separated list of scopes for the OAuth token Defaults to identity
  • permanent (bool, optional) – Whether to request permanent access token. Defaults to False, access will be valid for 1 hour
  • redirect_url (str) – the URL to redirect to after the authentication dance is complete
  • redirect_to (str) – if redirect_url is not defined, the name of the view to redirect to after the authentication dance is complete. The actual URL will be determined by flask.url_for()
  • login_url (str, optional) – the URL path for the login view. Defaults to /reddit
  • authorized_url (str, optional) – the URL path for the authorized view. Defaults to /reddit/authorized.
  • session_class (class, optional) – The class to use for creating a Requests session. Defaults to RedditOAuth2Session.
  • storage – A token storage class, or an instance of a token storage class, to use for this blueprint. Defaults to SessionStorage.
  • user_agent (str, optional) – User agent for the requests to Reddit API. Defaults to Flask-Dance/{{version}}
Return type:

OAuth2ConsumerBlueprint

Returns:

A blueprint to attach to your Flask app.

flask_dance.contrib.reddit.reddit

A LocalProxy to a requests.Session that already has the Reddit authentication token loaded (assuming that the user has authenticated with Reddit at some point in the past).

Slack

flask_dance.contrib.slack.make_slack_blueprint(client_id=None, client_secret=None, scope=None, redirect_url=None, redirect_to=None, login_url=None, authorized_url=None, session_class=None, storage=None)[source]

Make a blueprint for authenticating with Slack using OAuth 2. This requires a client ID and client secret from Slack. You should either pass them to this constructor, or make sure that your Flask application config defines them, using the variables SLACK_OAUTH_CLIENT_ID and SLACK_OAUTH_CLIENT_SECRET.

Parameters:
  • client_id (str) – The client ID for your application on Slack.
  • client_secret (str) – The client secret for your application on Slack
  • scope (str, optional) – comma-separated list of scopes for the OAuth token
  • redirect_url (str) – the URL to redirect to after the authentication dance is complete
  • redirect_to (str) – if redirect_url is not defined, the name of the view to redirect to after the authentication dance is complete. The actual URL will be determined by flask.url_for()
  • login_url (str, optional) – the URL path for the login view. Defaults to /slack
  • authorized_url (str, optional) – the URL path for the authorized view. Defaults to /slack/authorized.
  • session_class (class, optional) – The class to use for creating a Requests session. Defaults to OAuth2Session.
  • storage – A token storage class, or an instance of a token storage class, to use for this blueprint. Defaults to SessionStorage.
Return type:

OAuth2ConsumerBlueprint

Returns:

A blueprint to attach to your Flask app.

flask_dance.contrib.slack.slack

A LocalProxy to a requests.Session that already has the Slack authentication token loaded (assuming that the user has authenticated with Slack at some point in the past).

Twitter

flask_dance.contrib.twitter.make_twitter_blueprint(api_key=None, api_secret=None, redirect_url=None, redirect_to=None, login_url=None, authorized_url=None, session_class=None, storage=None)[source]

Make a blueprint for authenticating with Twitter using OAuth 1. This requires an API key and API secret from Twitter. You should either pass them to this constructor, or make sure that your Flask application config defines them, using the variables TWITTER_OAUTH_CLIENT_KEY and TWITTER_OAUTH_CLIENT_SECRET.

Parameters:
  • api_key (str) – The API key for your Twitter application
  • api_secret (str) – The API secret for your Twitter application
  • redirect_url (str) – the URL to redirect to after the authentication dance is complete
  • redirect_to (str) – if redirect_url is not defined, the name of the view to redirect to after the authentication dance is complete. The actual URL will be determined by flask.url_for()
  • login_url (str, optional) – the URL path for the login view. Defaults to /twitter
  • authorized_url (str, optional) – the URL path for the authorized view. Defaults to /twitter/authorized.
  • session_class (class, optional) – The class to use for creating a Requests session. Defaults to OAuth1Session.
  • storage – A token storage class, or an instance of a token storage class, to use for this blueprint. Defaults to SessionStorage.
Return type:

OAuth1ConsumerBlueprint

Returns:

A blueprint to attach to your Flask app.

flask_dance.contrib.twitter.twitter

A LocalProxy to a requests.Session that already has the Twitter authentication token loaded (assuming that the user has authenticated with Twitter at some point in the past).

Spotify

flask_dance.contrib.spotify.make_spotify_blueprint(client_id=None, client_secret=None, scope=None, redirect_url=None, redirect_to=None, login_url=None, authorized_url=None, session_class=None, storage=None)[source]

Make a blueprint for authenticating with Spotify using OAuth 2. This requires a client ID and client secret from Spotify. You should either pass them to this constructor, or make sure that your Flask application config defines them, using the variables SPOTIFY_OAUTH_CLIENT_ID and SPOTIFY_OAUTH_CLIENT_SECRET.

Parameters:
  • client_id (str) – The client ID for your application on Spotify.
  • client_secret (str) – The client secret for your application on Spotify
  • scope (str, optional) – comma-separated list of scopes for the OAuth token
  • redirect_url (str) – the URL to redirect to after the authentication dance is complete
  • redirect_to (str) – if redirect_url is not defined, the name of the view to redirect to after the authentication dance is complete. The actual URL will be determined by flask.url_for()
  • login_url (str, optional) – the URL path for the login view. Defaults to /spotify
  • authorized_url (str, optional) – the URL path for the authorized view. Defaults to /spotify/authorized.
  • session_class (class, optional) – The class to use for creating a Requests session. Defaults to OAuth2Session.
  • storage – A token storage class, or an instance of a token storage class, to use for this blueprint. Defaults to SessionStorage.
Return type:

OAuth2ConsumerBlueprint

Returns:

A blueprint to attach to your Flask app.

flask_dance.contrib.spotify.spotify

A LocalProxy to a requests.Session that already has the Spotify authentication token loaded (assuming that the user has authenticated with Spotify at some point in the past).

Zoho

flask_dance.contrib.zoho.make_zoho_blueprint(client_id=None, client_secret=None, scope=None, redirect_url=None, offline=False, redirect_to=None, login_url=None, session_class=None, storage=None, reprompt_consent=False)[source]

Make a blueprint for authenticating with Zoho using OAuth 2. This requires a client ID and client secret from Zoho. You should either pass them to this constructor, or make sure that your Flask application config defines them, using the variables ZOHO_OAUTH_CLIENT_ID and ZOHO_OAUTH_CLIENT_SECRET. IMPORTANT: Configuring the base_url is not supported in this config.

Parameters:
  • client_id (str) – The client ID for your application on Zoho.
  • client_secret (str) – The client secret for your application on Zoho
  • scope (list, optional) – list of scopes (str) for the OAuth token
  • redirect_url (str) – the URL to redirect to after the authentication dance is complete
  • redirect_to (str) – if redirect_url is not defined, the name of the view to redirect to after the authentication dance is complete. The actual URL will be determined by flask.url_for()
  • login_url (str, optional) – the URL path for the login view. Defaults to /zoho
  • authorized_url (str, optional) – the URL path for the authorized view. Defaults to /zoho/authorized.
  • session_class (class, optional) – The class to use for creating a Requests session. Defaults to OAuth2Session.
  • storage – A token storage class, or an instance of a token storage class, to use for this blueprint. Defaults to SessionStorage.
  • offline (bool) – Whether to request offline access for the OAuth token. Defaults to False
  • reprompt_consent (bool) – If True, force Zoho to re-prompt the user for their consent, even if the user has already given their consent. Defaults to False
Return type:

OAuth2ConsumerBlueprint

Returns:

A blueprint to attach to your Flask app.

flask_dance.contrib.zoho.zoho

A LocalProxy to a requests.Session that already has the Zoho authentication token loaded (assuming that the user has authenticated with Zoho at some point in the past).

Custom

Flask-Dance allows you to build authentication blueprints for any OAuth provider, not just the ones listed above. For example, let’s create a blueprint for a fictional OAuth provider called oauth-example.com. We check the documentation for oauth-example.com, and discover that they’re using OAuth 2, the access token URL is https://oauth-example.com/login/access_token, and the authorization URL is https://oauth-example.com/login/authorize. We could then build the blueprint like this:

from flask import Flask
from flask_dance.consumer import OAuth2ConsumerBlueprint

app = Flask(__name__)
example_blueprint = OAuth2ConsumerBlueprint(
    "oauth-example", __name__,
    client_id="my-key-here",
    client_secret="my-secret-here",
    base_url="https://oauth-example.com",
    token_url="https://oauth-example.com/login/access_token",
    authorization_url="https://oauth-example.com/login/authorize",
)
app.register_blueprint(example_blueprint, url_prefix="/login")

Now, in your page template, you can do something like:

<a href="{{ url_for("oauth-example.login") }}">Login with OAuth Example</a>

And in your views, you can make authenticated requests using the session attribute on the blueprint:

resp = example_blueprint.session.get("/user")
assert resp.ok
print("Here's the content of my response: " + resp.content)

It all follows the same patterns as the Quickstart example projects. You can also read the code to see how the pre-set configurations are implemented – it’s very short.