Providers

Flask-Dance comes with pre-set OAuth consumer configurations for a few popular OAuth providers. Flask-Dance also works with providers that aren’t in this list: see the Custom section at the bottom of the page. We also welcome pull requests to add new pre-set provider configurations to Flask-Dance!

Atlassian

flask_dance.contrib.atlassian.make_atlassian_blueprint(client_id=None, client_secret=None, *, scope=None, reprompt_consent=False, redirect_url=None, redirect_to=None, login_url=None, authorized_url=None, session_class=None, storage=None)[source]

Make a blueprint for authenticating with Atlassian using OAuth 2. This requires a client ID and client secret from Atlassian. You should either pass them to this constructor, or make sure that your Flask application config defines them, using the variables ATLASSIAN_OAUTH_CLIENT_ID and ATLASSIAN_OAUTH_CLIENT_SECRET.

Parameters:
  • client_id (str) – The client ID for your application on Atlassian.

  • client_secret (str) – The client secret for your application on Atlassian.

  • scope (str, optional) – comma-separated list of scopes for the OAuth token.

  • reprompt_consent (bool) – If True, force Atlassian to re-prompt the user for their consent, even if the user has already given their consent. Defaults to False.

  • redirect_url (str) – the URL to redirect to after the authentication dance is complete.

  • redirect_to (str) – if redirect_url is not defined, the name of the view to redirect to after the authentication dance is complete. The actual URL will be determined by flask.url_for().

  • login_url (str, optional) – the URL path for the login view. Defaults to /atlassian.

  • authorized_url (str, optional) – the URL path for the authorized view. Defaults to /atlassian/authorized.

  • session_class (class, optional) – The class to use for creating a Requests session. Defaults to OAuth2Session.

  • storage – A token storage class, or an instance of a token storage class, to use for this blueprint. Defaults to SessionStorage.

Return type:

OAuth2ConsumerBlueprint

Returns:

A blueprint to attach to your Flask app.

flask_dance.contrib.atlassian.atlassian

A LocalProxy to a requests.Session that already has the Atlassian authentication token loaded (assuming that the user has authenticated with Atlassian at some point in the past).

Authentiq

flask_dance.contrib.authentiq.make_authentiq_blueprint(client_id=None, client_secret=None, *, scope='openid profile', redirect_url=None, redirect_to=None, login_url=None, authorized_url=None, session_class=None, storage=None, hostname='connect.authentiq.io', rule_kwargs=None)[source]

Make a blueprint for authenticating with authentiq using OAuth 2. This requires a client ID and client secret from authentiq. You should either pass them to this constructor, or make sure that your Flask application config defines them, using the variables AUTHENTIQ_OAUTH_CLIENT_ID and AUTHENTIQ_OAUTH_CLIENT_SECRET.

Parameters:
  • client_id (str) – The client ID for your application on Authentiq.

  • client_secret (str) – The client secret for your application on Authentiq.

  • scope (str, optional) – comma-separated list of scopes for the OAuth token.

  • redirect_url (str) – the URL to redirect to after the authentication dance is complete.

  • redirect_to (str) – if redirect_url is not defined, the name of the view to redirect to after the authentication dance is complete. The actual URL will be determined by flask.url_for().

  • login_url (str, optional) – the URL path for the login view. Defaults to /authentiq.

  • authorized_url (str, optional) – the URL path for the authorized view. Defaults to /authentiq/authorized.

  • session_class (class, optional) – The class to use for creating a Requests session. Defaults to OAuth2Session.

  • storage – A token storage class, or an instance of a token storage class, to use for this blueprint. Defaults to SessionStorage.

  • hostname (str, optional) – If using a private instance of authentiq CE/EE, specify the hostname, default is connect.authentiq.io.

  • rule_kwargs (dict, optional) – Additional arguments that should be passed when adding the login and authorized routes. Defaults to None.

Return type:

OAuth2ConsumerBlueprint

Returns:

A blueprint to attach to your Flask app.

flask_dance.contrib.authentiq.authentiq

A LocalProxy to a requests.Session that already has the Authentiq Connect authentication token loaded (assuming that the user has authenticated with Authentiq at some point in the past).

Azure

flask_dance.contrib.azure.make_azure_blueprint(client_id=None, client_secret=None, *, scope=None, redirect_url=None, redirect_to=None, login_url=None, authorized_url=None, session_class=None, storage=None, tenant='common', prompt=None, domain_hint=None, login_hint=None, rule_kwargs=None)[source]

Make a blueprint for authenticating with Azure AD using OAuth 2. This requires a client ID and client secret from Azure AD. You should either pass them to this constructor, or make sure that your Flask application config defines them, using the variables AZURE_OAUTH_CLIENT_ID and AZURE_OAUTH_CLIENT_SECRET.

Parameters:
  • client_id (str) – The client ID for your application on Azure AD.

  • client_secret (str) – The client secret for your application on Azure AD

  • scope (str, optional) – comma-separated list of scopes for the OAuth token

  • redirect_url (str) – the URL to redirect to after the authentication dance is complete

  • redirect_to (str) – if redirect_url is not defined, the name of the view to redirect to after the authentication dance is complete. The actual URL will be determined by flask.url_for()

  • login_url (str, optional) – the URL path for the login view. Defaults to /azure

  • authorized_url (str, optional) – the URL path for the authorized view. Defaults to /azure/authorized.

  • session_class (class, optional) – The class to use for creating a Requests session. Defaults to OAuth2Session.

  • storage – A token storage class, or an instance of a token storage class, to use for this blueprint. Defaults to SessionStorage.

  • tenant – Determine which accounts are allowed to authenticate with Azure. See the Azure documentation for more information about this parameter. Defaults to common.

  • prompt (str, optional) – Indicate the type of user interaction that is required. Valid values are login, select_account, consent, admin_consent. Learn more about the options here. Defaults to None

  • domain_hint (str, optional) – Provides a hint about the tenant or domain that the user should use to sign in. The value of the domain_hint is a registered domain for the tenant. If the tenant is federated to an on-premises directory, AAD redirects to the specified tenant federation server. Defaults to None

  • login_hint (str, optional) – Can be used to pre-fill the username/email address field of the sign-in page for the user, if you know their username ahead of time. Often apps use this parameter during re-authentication, having already extracted the username from a previous sign-in using the preferred_username claim. Defaults to None

  • rule_kwargs (dict, optional) – Additional arguments that should be passed when adding the login and authorized routes. Defaults to None.

Return type:

OAuth2ConsumerBlueprint

Returns:

A blueprint to attach to your Flask app.

flask_dance.contrib.azure.azure

A LocalProxy to a requests.Session that already has the Azure AD authentication token loaded (assuming that the user has authenticated with Azure AD at some point in the past).

Dexcom

flask_dance.contrib.dexcom.make_dexcom_blueprint(client_id=None, client_secret=None, *, base_url='https://api.dexcom.com/', scope='offline_access', redirect_url=None, redirect_to=None, login_url=None, authorized_url=None, session_class=None, storage=None, rule_kwargs=None)[source]

Make a blueprint for authenticating with Dexcom using OAuth 2. This requires a client ID and client secret from Dexcom. You should either pass them to this constructor, or make sure that your Flask application config defines them, using the variables DEXCOM_OAUTH_CLIENT_ID and DEXCOM_OAUTH_CLIENT_SECRET.

Parameters:
  • client_id (str) – The client ID for your application on Dexcom.

  • client_secret (str) – The client secret for your application on Dexcom

  • scope (str, optional) – comma-separated list of scopes for the OAuth token

  • redirect_url (str) – the URL to redirect to after the authentication dance is complete

  • redirect_to (str) – if redirect_url is not defined, the name of the view to redirect to after the authentication dance is complete. The actual URL will be determined by flask.url_for()

  • login_url (str, optional) – the URL path for the login view. Defaults to /dexcom

  • authorized_url (str, optional) – the URL path for the authorized view. Defaults to /dexcom/authorized.

  • session_class (class, optional) – The class to use for creating a Requests session. Defaults to OAuth2Session.

  • storage – A token storage class, or an instance of a token storage class, to use for this blueprint. Defaults to SessionStorage.

  • rule_kwargs (dict, optional) – Additional arguments that should be passed when adding the login and authorized routes. Defaults to None.

Return type:

OAuth2ConsumerBlueprint

Returns:

A blueprint to attach to your Flask app.

flask_dance.contrib.dexcom.dexcom

A LocalProxy to a requests.Session that already has the Dexcom authentication token loaded (assuming that the user has authenticated with Dexcom at some point in the past).

Digital Ocean

flask_dance.contrib.digitalocean.make_digitalocean_blueprint(client_id=None, client_secret=None, *, scope=None, redirect_url=None, redirect_to=None, login_url=None, authorized_url=None, session_class=None, storage=None, rule_kwargs=None)[source]

Make a blueprint for authenticating with Digital Ocean using OAuth 2. This requires a client ID and client secret from Digital Ocean. You should either pass them to this constructor, or make sure that your Flask application config defines them, using the variables DIGITALOCEAN_OAUTH_CLIENT_ID and DIGITALOCEAN_OAUTH_CLIENT_SECRET.

Parameters:
  • client_id (str) – Client ID for your application on Digital Ocean

  • client_secret (str) – Client secret for your Digital Ocean application

  • scope (str, optional) – comma-separated list of scopes for the OAuth token.

  • redirect_url (str) – the URL to redirect to after the authentication dance is complete

  • redirect_to (str) – if redirect_url is not defined, the name of the view to redirect to after the authentication dance is complete. The actual URL will be determined by flask.url_for()

  • login_url (str, optional) – the URL path for the login view. Defaults to /digitalocean

  • authorized_url (str, optional) – the URL path for the authorized view. Defaults to /digitalocean/authorized.

  • session_class (class, optional) – The class to use for creating a Requests session. Defaults to OAuth2Session.

  • storage – A token storage class, or an instance of a token storage class, to use for this blueprint. Defaults to SessionStorage.

  • rule_kwargs (dict, optional) – Additional arguments that should be passed when adding the login and authorized routes. Defaults to None.

Return type:

OAuth2ConsumerBlueprint

Returns:

A blueprint to attach to your Flask app.

flask_dance.contrib.digitalocean.digitalocean

A LocalProxy to a requests.Session that already has the Digital Ocean authentication token loaded (assuming that the user has authenticated with Digital Ocean at some point in the past).

Discord

flask_dance.contrib.discord.make_discord_blueprint(client_id=None, client_secret=None, *, scope=None, redirect_url=None, redirect_to=None, login_url=None, authorized_url=None, session_class=None, storage=None, prompt='consent', rule_kwargs=None)[source]

Make a blueprint for authenticating with Discord using OAuth 2. This requires a client ID and client secret from Discord. You should either pass them to this constructor, or make sure that your Flask application config defines them, using the variables DISCORD_OAUTH_CLIENT_ID and DISCORD_OAUTH_CLIENT_SECRET.

Parameters:
  • client_id (str) – The client ID for your application on Discord.

  • client_secret (str) – The client secret for your application on Discord

  • scope (list, optional) – list of scopes (str) for the OAuth token

  • redirect_url (str) – the URL to redirect to after the authentication dance is complete

  • redirect_to (str) – if redirect_url is not defined, the name of the view to redirect to after the authentication dance is complete. The actual URL will be determined by flask.url_for()

  • login_url (str, optional) – the URL path for the login view. Defaults to /discord

  • authorized_url (str, optional) – the URL path for the authorized view. Defaults to /discord/authorized.

  • session_class (class, optional) – The class to use for creating a Requests session. Defaults to OAuth2Session.

  • storage – A token storage class, or an instance of a token storage class, to use for this blueprint. Defaults to SessionStorage.

  • prompt (str, optional) – Define authorization flow. Defaults to consent, setting it to None will skip user interaction if the application was previously approved.

  • rule_kwargs (dict, optional) – Additional arguments that should be passed when adding the login and authorized routes. Defaults to None.

Return type:

OAuth2ConsumerBlueprint

Returns:

A blueprint to attach to your Flask app.

flask_dance.contrib.discord.discord

A LocalProxy to a requests.Session that already has the Discord authentication token loaded (assuming that the user has authenticated with Discord at some point in the past).

Dropbox

flask_dance.contrib.dropbox.make_dropbox_blueprint(app_key=None, app_secret=None, *, scope=None, offline=False, force_reapprove=False, disable_signup=False, require_role=None, redirect_url=None, redirect_to=None, login_url=None, authorized_url=None, session_class=None, storage=None, rule_kwargs=None)[source]

Make a blueprint for authenticating with Dropbox using OAuth 2. This requires a client ID and client secret from Dropbox. You should either pass them to this constructor, or make sure that your Flask application config defines them, using the variables DROPBOX_OAUTH_CLIENT_ID and DROPBOX_OAUTH_CLIENT_SECRET.

For more information about the force_reapprove, disable_signup, and require_role arguments, check the Dropbox API documentation.

Parameters:
  • app_key (str) – The client ID for your application on Dropbox.

  • app_secret (str) – The client secret for your application on Dropbox

  • scope (str, optional) – Comma-separated list of scopes for the OAuth token

  • offline (bool) – Whether to request Dropbox offline access for the OAuth token. Defaults to False

  • force_reapprove (bool) – Force the user to approve the app again if they’ve already done so.

  • disable_signup (bool) – Prevent users from seeing a sign-up link on the authorization page.

  • require_role (str) – Pass the string work to require a Dropbox for Business account, or the string personal to require a personal account.

  • redirect_url (str) – the URL to redirect to after the authentication dance is complete

  • redirect_to (str) – if redirect_url is not defined, the name of the view to redirect to after the authentication dance is complete. The actual URL will be determined by flask.url_for()

  • login_url (str, optional) – the URL path for the login view. Defaults to /dropbox

  • authorized_url (str, optional) – the URL path for the authorized view. Defaults to /dropbox/authorized.

  • session_class (class, optional) – The class to use for creating a Requests session. Defaults to OAuth2Session.

  • storage – A token storage class, or an instance of a token storage class, to use for this blueprint. Defaults to SessionStorage.

  • rule_kwargs (dict, optional) – Additional arguments that should be passed when adding the login and authorized routes. Defaults to None.

Return type:

OAuth2ConsumerBlueprint

Returns:

A blueprint to attach to your Flask app.

flask_dance.contrib.dropbox.dropbox

A LocalProxy to a requests.Session that already has the Dropbox authentication token loaded (assuming that the user has authenticated with Dropbox at some point in the past).

Facebook

flask_dance.contrib.facebook.make_facebook_blueprint(client_id=None, client_secret=None, *, scope=None, redirect_url=None, redirect_to=None, login_url=None, authorized_url=None, rerequest_declined_permissions=False, session_class=None, storage=None, rule_kwargs=None)[source]

Make a blueprint for authenticating with Facebook using OAuth 2. This requires a client ID and client secret from Facebook. You should either pass them to this constructor, or make sure that your Flask application config defines them, using the variables FACEBOOK_OAUTH_CLIENT_ID and FACEBOOK_OAUTH_CLIENT_SECRET.

Parameters:
  • client_id (str) – The client ID for your application on Facebook.

  • client_secret (str) – The client secret for your application on Facebook

  • scope (str, optional) – comma-separated list of scopes for the OAuth token

  • redirect_url (str) – the URL to redirect to after the authentication dance is complete

  • redirect_to (str) – if redirect_url is not defined, the name of the view to redirect to after the authentication dance is complete. The actual URL will be determined by flask.url_for()

  • login_url (str, optional) – the URL path for the login view. Defaults to /facebook

  • authorized_url (str, optional) – the URL path for the authorized view. Defaults to /facebook/authorized.

  • rerequest_declined_permissions (bool, optional) – should the blueprint ask again for declined permissions. Defaults to False

  • session_class (class, optional) – The class to use for creating a Requests session. Defaults to OAuth2Session.

  • storage – A token storage class, or an instance of a token storage class, to use for this blueprint. Defaults to SessionStorage.

  • rule_kwargs (dict, optional) – Additional arguments that should be passed when adding the login and authorized routes. Defaults to None.

Return type:

OAuth2ConsumerBlueprint

Returns:

A blueprint to attach to your Flask app.

flask_dance.contrib.facebook.facebook

A LocalProxy to a requests.Session that already has the Facebook authentication token loaded (assuming that the user has authenticated with Facebook at some point in the past).

Fitbit

flask_dance.contrib.fitbit.make_fitbit_blueprint(client_id=None, client_secret=None, *, scope=None, redirect_url=None, redirect_to=None, login_url=None, authorized_url=None, session_class=None, storage=None, rule_kwargs=None)[source]

Make a blueprint for authenticating with Fitbit using OAuth 2. This requires a client ID and client secret from Fitbit. You should either pass them to this constructor, or make sure that your Flask application config defines them, using the variables FITBIT_OAUTH_CLIENT_ID and FITBIT_OAUTH_CLIENT_SECRET.

Parameters:
  • client_id (str) – The client ID for your application on Fitbit.

  • client_secret (str) – The client secret for your application on Fitbit

  • scope (str, optional) – comma-separated list of scopes for the OAuth token

  • redirect_url (str) – the URL to redirect to after the authentication dance is complete

  • redirect_to (str) – if redirect_url is not defined, the name of the view to redirect to after the authentication dance is complete. The actual URL will be determined by flask.url_for()

  • login_url (str, optional) – the URL path for the login view. Defaults to /fitbit

  • authorized_url (str, optional) – the URL path for the authorized view. Defaults to /fitbit/authorized.

  • session_class (class, optional) – The class to use for creating a Requests session. Defaults to OAuth2Session.

  • storage – A token storage class, or an instance of a token storage class, to use for this blueprint. Defaults to SessionStorage.

  • rule_kwargs (dict, optional) – Additional arguments that should be passed when adding the login and authorized routes. Defaults to None.

Return type:

OAuth2ConsumerBlueprint

Returns:

A blueprint to attach to your Flask app.

flask_dance.contrib.fitbit.fitbit

A LocalProxy to a requests.Session that already has the Fitbit authentication token loaded (assuming that the user has authenticated with Fitbit at some point in the past).

GitHub

flask_dance.contrib.github.make_github_blueprint(client_id=None, client_secret=None, *, scope=None, redirect_url=None, redirect_to=None, login_url=None, authorized_url=None, session_class=None, storage=None, rule_kwargs=None)[source]

Make a blueprint for authenticating with GitHub using OAuth 2. This requires a client ID and client secret from GitHub. You should either pass them to this constructor, or make sure that your Flask application config defines them, using the variables GITHUB_OAUTH_CLIENT_ID and GITHUB_OAUTH_CLIENT_SECRET.

Parameters:
  • client_id (str) – The client ID for your application on GitHub.

  • client_secret (str) – The client secret for your application on GitHub

  • scope (str, optional) – comma-separated list of scopes for the OAuth token

  • redirect_url (str) – the URL to redirect to after the authentication dance is complete

  • redirect_to (str) – if redirect_url is not defined, the name of the view to redirect to after the authentication dance is complete. The actual URL will be determined by flask.url_for()

  • login_url (str, optional) – the URL path for the login view. Defaults to /github

  • authorized_url (str, optional) – the URL path for the authorized view. Defaults to /github/authorized.

  • session_class (class, optional) – The class to use for creating a Requests session. Defaults to OAuth2Session.

  • storage – A token storage class, or an instance of a token storage class, to use for this blueprint. Defaults to SessionStorage.

  • rule_kwargs (dict, optional) – Additional arguments that should be passed when adding the login and authorized routes. Defaults to None.

Return type:

OAuth2ConsumerBlueprint

Returns:

A blueprint to attach to your Flask app.

flask_dance.contrib.github.github

A LocalProxy to a requests.Session that already has the GitHub authentication token loaded (assuming that the user has authenticated with GitHub at some point in the past).

GitLab

flask_dance.contrib.gitlab.make_gitlab_blueprint(client_id=None, client_secret=None, *, scope=None, redirect_url=None, redirect_to=None, login_url=None, authorized_url=None, session_class=None, storage=None, hostname='gitlab.com', verify_tls_certificates=True, rule_kwargs=None)[source]

Make a blueprint for authenticating with GitLab using OAuth 2. This requires a client ID and client secret from GitLab. You should either pass them to this constructor, or make sure that your Flask application config defines them, using the variables GITLAB_OAUTH_CLIENT_ID and GITLAB_OAUTH_CLIENT_SECRET.

Parameters:
  • client_id (str) – The client ID for your application on GitLab.

  • client_secret (str) – The client secret for your application on GitLab

  • scope (str, optional) – comma-separated list of scopes for the OAuth token

  • redirect_url (str) – the URL to redirect to after the authentication dance is complete

  • redirect_to (str) – if redirect_url is not defined, the name of the view to redirect to after the authentication dance is complete. The actual URL will be determined by flask.url_for()

  • login_url (str, optional) – the URL path for the login view. Defaults to /gitlab

  • authorized_url (str, optional) – the URL path for the authorized view. Defaults to /gitlab/authorized.

  • session_class (class, optional) – The class to use for creating a Requests session. Defaults to OAuth2Session.

  • storage – A token storage class, or an instance of a token storage class, to use for this blueprint. Defaults to SessionStorage.

  • hostname (str, optional) – If using a private instance of GitLab CE/EE, specify the hostname, default is gitlab.com.

  • verify_tls_certificates (bool, optional) – Specify whether TLS certificates should be verified. Set this to False if certificates fail to validate for self-hosted GitLab instances.

  • rule_kwargs (dict, optional) – Additional arguments that should be passed when adding the login and authorized routes. Defaults to None. specify the hostname, default is gitlab.com

Return type:

OAuth2ConsumerBlueprint

Returns:

A blueprint to attach to your Flask app.

flask_dance.contrib.gitlab.gitlab

A LocalProxy to a requests.Session that already has the GitLab authentication token loaded (assuming that the user has authenticated with GitLab at some point in the past).

Google

flask_dance.contrib.google.make_google_blueprint(client_id=None, client_secret=None, *, scope=None, offline=False, reprompt_consent=False, reprompt_select_account=False, redirect_url=None, redirect_to=None, login_url=None, authorized_url=None, session_class=None, storage=None, hosted_domain=None, rule_kwargs=None)[source]

Make a blueprint for authenticating with Google using OAuth 2. This requires a client ID and client secret from Google. You should either pass them to this constructor, or make sure that your Flask application config defines them, using the variables GOOGLE_OAUTH_CLIENT_ID and GOOGLE_OAUTH_CLIENT_SECRET.

Parameters:
  • client_id (str) – The client ID for your application on Google

  • client_secret (str) – The client secret for your application on Google

  • scope (str, optional) – comma-separated list of scopes for the OAuth token. Defaults to the “https://www.googleapis.com/auth/userinfo.profile” scope.

  • offline (bool) – Whether to request offline access for the OAuth token. Defaults to False

  • reprompt_consent (bool) – If True, force Google to re-prompt the user for their consent, even if the user has already given their consent. Defaults to False

  • reprompt_select_account (bool) – If True, force Google to re-prompt the select account page, even if there is a single logged-in user. Defaults to False

  • redirect_url (str) – the URL to redirect to after the authentication dance is complete

  • redirect_to (str) – if redirect_url is not defined, the name of the view to redirect to after the authentication dance is complete. The actual URL will be determined by flask.url_for()

  • login_url (str, optional) – the URL path for the login view. Defaults to /google

  • authorized_url (str, optional) – the URL path for the authorized view. Defaults to /google/authorized.

  • session_class (class, optional) – The class to use for creating a Requests session. Defaults to OAuth2Session.

  • storage – A token storage class, or an instance of a token storage class, to use for this blueprint. Defaults to SessionStorage.

  • hosted_domain (str, optional) – The domain of the G Suite user. Used to indicate that the account selection UI should be optimized for accounts at this domain. Note that this only provides UI optimization, and requires response validation (see warning).

  • rule_kwargs (dict, optional) – Additional arguments that should be passed when adding the login and authorized routes. Defaults to None.

Warning

The hosted_domain argument only provides UI optimization. Don’t rely on this argument to control who can access your application. You must verify that the hd claim of the response ID token matches the hosted_domain argument passed to make_google_blueprint.

Return type:

OAuth2ConsumerBlueprint

Returns:

A blueprint to attach to your Flask app.

flask_dance.contrib.google.google

A LocalProxy to a requests.Session that already has the Google authentication token loaded (assuming that the user has authenticated with Google at some point in the past).

Heroku

flask_dance.contrib.heroku.make_heroku_blueprint(client_id=None, client_secret=None, *, scope=None, api_version='3', redirect_url=None, redirect_to=None, login_url=None, authorized_url=None, session_class=None, storage=None, rule_kwargs=None)[source]

Make a blueprint for authenticating with Heroku using OAuth 2. This requires a client ID and client secret from Heroku. You should either pass them to this constructor, or make sure that your Flask application config defines them, using the variables HEROKU_OAUTH_CLIENT_ID and HEROKU_OAUTH_CLIENT_SECRET.

Parameters:
  • client_id (str) – The client ID for your application on Heroku.

  • client_secret (str) – The client secret for your application on Heroku

  • scope (str, optional) – comma-separated list of scopes for the OAuth token

  • api_version (str) – The version number of the Heroku API you want to use. Defaults to version 3.

  • redirect_url (str) – the URL to redirect to after the authentication dance is complete

  • redirect_to (str) – if redirect_url is not defined, the name of the view to redirect to after the authentication dance is complete. The actual URL will be determined by flask.url_for()

  • login_url (str, optional) – the URL path for the login view. Defaults to /heroku

  • authorized_url (str, optional) – the URL path for the authorized view. Defaults to /heroku/authorized.

  • session_class (class, optional) – The class to use for creating a Requests session. Defaults to HerokuOAuth2Session.

  • storage – A token storage class, or an instance of a token storage class, to use for this blueprint. Defaults to SessionStorage.

  • rule_kwargs (dict, optional) – Additional arguments that should be passed when adding the login and authorized routes. Defaults to None.

Return type:

OAuth2ConsumerBlueprint

Returns:

A blueprint to attach to your Flask app.

flask_dance.contrib.heroku.heroku

A LocalProxy to a requests.Session that already has the Heroku authentication token loaded (assuming that the user has authenticated with Heroku at some point in the past).

JIRA

flask_dance.contrib.jira.make_jira_blueprint(base_url, consumer_key=None, rsa_key=None, *, redirect_url=None, redirect_to=None, login_url=None, authorized_url=None, session_class=None, storage=None, rule_kwargs=None)[source]

Make a blueprint for authenticating with JIRA using OAuth 1. This requires a consumer key and RSA key for the JIRA application link. You should either pass them to this constructor, or make sure that your Flask application config defines them, using the variables JIRA_OAUTH_CONSUMER_KEY and JIRA_OAUTH_RSA_KEY.

Parameters:
  • base_url (str) – The base URL of your JIRA installation. For example, for Atlassian’s hosted Cloud JIRA, the base_url would be https://jira.atlassian.com

  • consumer_key (str) – The consumer key for your Application Link on JIRA

  • rsa_key (str or path) – The RSA private key for your Application Link on JIRA. This can be the contents of the key as a string, or a path to the key file on disk.

  • redirect_url (str) – the URL to redirect to after the authentication dance is complete

  • redirect_to (str) – if redirect_url is not defined, the name of the view to redirect to after the authentication dance is complete. The actual URL will be determined by flask.url_for()

  • login_url (str, optional) – the URL path for the login view. Defaults to /jira

  • authorized_url (str, optional) – the URL path for the authorized view. Defaults to /jira/authorized.

  • session_class (class, optional) – The class to use for creating a Requests session. Defaults to JsonOAuth1Session.

  • storage – A token storage class, or an instance of a token storage class, to use for this blueprint. Defaults to SessionStorage.

  • rule_kwargs (dict, optional) – Additional arguments that should be passed when adding the login and authorized routes. Defaults to None.

Return type:

OAuth1ConsumerBlueprint

Returns:

A blueprint to attach to your Flask app.

flask_dance.contrib.jira.jira

A LocalProxy to a requests.Session that already has the JIRA authentication token loaded (assuming that the user has authenticated with JIRA at some point in the past).

LinkedIn

flask_dance.contrib.linkedin.make_linkedin_blueprint(client_id=None, client_secret=None, *, scope=None, redirect_url=None, redirect_to=None, login_url=None, authorized_url=None, session_class=None, storage=None, rule_kwargs=None)[source]

Make a blueprint for authenticating with LinkedIn using OAuth 2. This requires a client ID and client secret from LinkedIn. You should either pass them to this constructor, or make sure that your Flask application config defines them, using the variables LINKEDIN_OAUTH_CLIENT_ID and LINKEDIN_OAUTH_CLIENT_SECRET.

Parameters:
  • client_id (str) – The client ID for your application on LinkedIn.

  • client_secret (str) – The client secret for your application on LinkedIn

  • scope (str, optional) – comma-separated list of scopes for the OAuth token

  • redirect_url (str) – the URL to redirect to after the authentication dance is complete

  • redirect_to (str) – if redirect_url is not defined, the name of the view to redirect to after the authentication dance is complete. The actual URL will be determined by flask.url_for()

  • login_url (str, optional) – the URL path for the login view. Defaults to /linkedin

  • authorized_url (str, optional) – the URL path for the authorized view. Defaults to /linkedin/authorized.

  • session_class (class, optional) – The class to use for creating a Requests session. Defaults to OAuth2Session.

  • storage – A token storage class, or an instance of a token storage class, to use for this blueprint. Defaults to SessionStorage.

  • rule_kwargs (dict, optional) – Additional arguments that should be passed when adding the login and authorized routes. Defaults to None.

Return type:

OAuth2ConsumerBlueprint

Returns:

A blueprint to attach to your Flask app.

flask_dance.contrib.linkedin.linkedin

A LocalProxy to a requests.Session that already has the LinkedIn authentication token loaded (assuming that the user has authenticated with LinkedIn at some point in the past).

Meetup

flask_dance.contrib.meetup.make_meetup_blueprint(key=None, secret=None, *, scope=None, redirect_url=None, redirect_to=None, login_url=None, authorized_url=None, session_class=None, storage=None, rule_kwargs=None)[source]

Make a blueprint for authenticating with Meetup using OAuth 2. This requires an OAuth consumer from Meetup. You should either pass the key and secret to this constructor, or make sure that your Flask application config defines them, using the variables MEETUP_OAUTH_CLIENT_ID and MEETUP_OAUTH_CLIENT_SECRET.

Parameters:
  • key (str) – The OAuth consumer key for your application on Meetup

  • secret (str) – The OAuth consumer secret for your application on Meetup

  • scope (str, optional) – comma-separated list of scopes for the OAuth token

  • redirect_url (str) – the URL to redirect to after the authentication dance is complete

  • redirect_to (str) – if redirect_url is not defined, the name of the view to redirect to after the authentication dance is complete. The actual URL will be determined by flask.url_for()

  • login_url (str, optional) – the URL path for the login view. Defaults to /meetup

  • authorized_url (str, optional) – the URL path for the authorized view. Defaults to /meetup/authorized.

  • session_class (class, optional) – The class to use for creating a Requests session. Defaults to OAuth2Session.

  • storage – A token storage class, or an instance of a token storage class, to use for this blueprint. Defaults to SessionStorage.

  • rule_kwargs (dict, optional) – Additional arguments that should be passed when adding the login and authorized routes. Defaults to None.

Return type:

OAuth2ConsumerBlueprint

Returns:

A blueprint to attach to your Flask app.

flask_dance.contrib.meetup.meetup

A LocalProxy to a requests.Session that already has the Meetup authentication token loaded (assuming that the user has authenticated with Meetup at some point in the past).

Nylas

flask_dance.contrib.nylas.make_nylas_blueprint(client_id=None, client_secret=None, *, scope='email', redirect_url=None, redirect_to=None, login_url=None, authorized_url=None, session_class=None, storage=None, rule_kwargs=None)[source]

Make a blueprint for authenticating with Nylas using OAuth 2. This requires an API ID and API secret from Nylas. You should either pass them to this constructor, or make sure that your Flask application config defines them, using the variables NYLAS_OAUTH_CLIENT_ID and NYLAS_OAUTH_CLIENT_SECRET.

Parameters:
  • client_id (str) – The client ID for your developer account on Nylas.

  • client_secret (str) – The client secret for your developer account on Nylas.

  • scope (str, optional) – comma-separated list of scopes for the OAuth token. Defaults to “email”.

  • redirect_url (str) – the URL to redirect to after the authentication dance is complete

  • redirect_to (str) – if redirect_url is not defined, the name of the view to redirect to after the authentication dance is complete. The actual URL will be determined by flask.url_for()

  • login_url (str, optional) – the URL path for the login view. Defaults to /nylas

  • authorized_url (str, optional) – the URL path for the authorized view. Defaults to /nylas/authorized.

  • session_class (class, optional) – The class to use for creating a Requests session. Defaults to OAuth2Session.

  • storage – A token storage class, or an instance of a token storage class, to use for this blueprint. Defaults to SessionStorage.

  • rule_kwargs (dict, optional) – Additional arguments that should be passed when adding the login and authorized routes. Defaults to None.

Return type:

OAuth2ConsumerBlueprint

Returns:

A blueprint to attach to your Flask app.

flask_dance.contrib.nylas.nylas

A LocalProxy to a requests.Session that already has the Nylas authentication token loaded (assuming that the user has authenticated with Nylas at some point in the past).

OpenStreetMap

flask_dance.contrib.osm.make_osm_blueprint(client_id=None, client_secret=None, *, scope=None, redirect_url=None, redirect_to=None, login_url=None, authorized_url=None, session_class=None, storage=None, rule_kwargs=None)[source]

Make a blueprint for authenticating with OpenStreetMap (OSM) using OAuth 2. This requires a client ID and client secret from OpenStreetMap. You should either pass them to this constructor, or make sure that your Flask application config defines them, using the variables OSM_OAUTH_CLIENT_ID and OSM_OAUTH_CLIENT_SECRET.

Parameters:
  • client_id (str) – The client ID for your application on OpenStreetMap.

  • client_secret (str) – The client secret for your application on OpenStreetMap

  • scope (str, optional) – comma-separated list of scopes for the OAuth token

  • redirect_url (str) – the URL to redirect to after the authentication dance is complete

  • redirect_to (str) – if redirect_url is not defined, the name of the view to redirect to after the authentication dance is complete. The actual URL will be determined by flask.url_for()

  • login_url (str, optional) – the URL path for the login view. Defaults to /osm

  • authorized_url (str, optional) – the URL path for the authorized view. Defaults to /osm/authorized.

  • session_class (class, optional) – The class to use for creating a Requests session. Defaults to OAuth2Session.

  • storage – A token storage class, or an instance of a token storage class, to use for this blueprint. Defaults to SessionStorage.

  • rule_kwargs (dict, optional) – Additional arguments that should be passed when adding the login and authorized routes. Defaults to None.

Return type:

OAuth2ConsumerBlueprint

Returns:

A blueprint to attach to your Flask app.

flask_dance.contrib.osm.osm

A LocalProxy to a requests.Session that already has the OpenStreetMap authentication token loaded (assuming that the user has authenticated with OpenStreetMap at some point in the past).

ORCID

flask_dance.contrib.orcid.make_orcid_blueprint(client_id=None, client_secret=None, *, scope=None, redirect_url=None, redirect_to=None, login_url=None, authorized_url=None, session_class=None, storage=None, rule_kwargs=None, sandbox=False)[source]

Make a blueprint for authenticating with ORCID (https://orcid.org) using OAuth2.

This requires a client ID and client secret from ORCID. You should either pass them to this constructor, or make sure that your Flask application config defines them, using the variables ORCID_OAUTH_CLIENT_ID and ORCID_OAUTH_CLIENT_SECRET.

The ORCID Sandbox API (https://sandbox.orcid.org) will be used if the sandbox argument is set to true.

Parameters:
  • client_id (str) – The client ID for your application on ORCID.

  • client_secret (str) – The client secret for your application on ORCID

  • scope (str, optional) – comma-separated list of scopes for the OAuth token

  • redirect_url (str) – the URL to redirect to after the authentication dance is complete

  • redirect_to (str) – if redirect_url is not defined, the name of the view to redirect to after the authentication dance is complete. The actual URL will be determined by flask.url_for()

  • login_url (str, optional) – the URL path for the login view. Defaults to /orcid

  • authorized_url (str, optional) – the URL path for the authorized view. Defaults to /orcid/authorized.

  • session_class (class, optional) – The class to use for creating a Requests session. Defaults to OAuth2Session.

  • storage – A token storage class, or an instance of a token storage class, to use for this blueprint. Defaults to SessionStorage.

  • rule_kwargs (dict, optional) – Additional arguments that should be passed when adding the login and authorized routes. Defaults to None.

  • sandbox (bool) – Whether to use the ORCID sandbox instead of the production API.

Return type:

OAuth2ConsumerBlueprint

Returns:

A blueprint to attach to your Flask app.

flask_dance.contrib.orcid.orcid

A LocalProxy to a requests.Session that already has the ORCID (or sandbox ORCID) authentication token loaded (assuming that the user has authenticated with ORCID at some point in the past).

Reddit

flask_dance.contrib.reddit.make_reddit_blueprint(client_id=None, client_secret=None, *, scope='identity', permanent=False, redirect_url=None, redirect_to=None, login_url=None, authorized_url=None, session_class=None, storage=None, user_agent=None, rule_kwargs=None)[source]

Make a blueprint for authenticating with Reddit using OAuth 2. This requires a client ID and client secret from Reddit. You should either pass them to this constructor, or make sure that your Flask application config defines them, using the variables REDDIT_OAUTH_CLIENT_ID and REDDIT_OAUTH_CLIENT_SECRET.

Parameters:
  • client_id (str) – The client ID for your application on Reddit.

  • client_secret (str) – The client secret for your application on Reddit

  • scope (str, optional) – space-separated list of scopes for the OAuth token Defaults to identity

  • permanent (bool, optional) – Whether to request permanent access token. Defaults to False, access will be valid for 1 hour

  • redirect_url (str) – the URL to redirect to after the authentication dance is complete

  • redirect_to (str) – if redirect_url is not defined, the name of the view to redirect to after the authentication dance is complete. The actual URL will be determined by flask.url_for()

  • login_url (str, optional) – the URL path for the login view. Defaults to /reddit

  • authorized_url (str, optional) – the URL path for the authorized view. Defaults to /reddit/authorized.

  • session_class (class, optional) – The class to use for creating a Requests session. Defaults to RedditOAuth2Session.

  • storage – A token storage class, or an instance of a token storage class, to use for this blueprint. Defaults to SessionStorage.

  • user_agent (str, optional) – User agent for the requests to Reddit API. Defaults to Flask-Dance/{{version}}.

  • rule_kwargs (dict, optional) – Additional arguments that should be passed when adding the login and authorized routes. Defaults to None.

Return type:

OAuth2ConsumerBlueprint

Returns:

A blueprint to attach to your Flask app.

flask_dance.contrib.reddit.reddit

A LocalProxy to a requests.Session that already has the Reddit authentication token loaded (assuming that the user has authenticated with Reddit at some point in the past).

Salesforce

flask_dance.contrib.salesforce.make_salesforce_blueprint(client_id=None, client_secret=None, *, scope=None, reprompt_consent=False, hostname=None, is_sandbox=False, redirect_url=None, redirect_to=None, login_url=None, authorized_url=None, session_class=None, storage=None)[source]

Make a blueprint for authenticating with Salesforce using OAuth 2. This requires a client ID and client secret from Salesforce. You should either pass them to this constructor, or make sure that your Flask application config defines them, using the variables SALESFORCE_OAUTH_CLIENT_ID and SALESFORCE_OAUTH_CLIENT_SECRET.

Parameters:
  • client_id (str) – The client ID for your application on Salesforce.

  • client_secret (str) – The client secret for your application on Salesforce.

  • scope (str, optional) – comma-separated list of scopes for the OAuth token.

  • reprompt_consent (bool) – If True, force Salesforce to re-prompt the user for their consent, even if the user has already given their consent. Defaults to False.

  • hostname (str, optional) – The hostname of your Salesforce instance. By default, Salesforce uses login.salesforce.com for production instances and test.salesforce.com for sandboxes.

  • is_sandbox (bool) – If hostname is not defined specify whether Salesforce instance is a sandbox. Defaults to False.

  • redirect_url (str) – the URL to redirect to after the authentication dance is complete.

  • redirect_to (str) – if redirect_url is not defined, the name of the view to redirect to after the authentication dance is complete. The actual URL will be determined by flask.url_for().

  • login_url (str, optional) – the URL path for the login view. Defaults to /salesforce.

  • authorized_url (str, optional) – the URL path for the authorized view. Defaults to /salesforce/authorized.

  • session_class (class, optional) – The class to use for creating a Requests session. Defaults to OAuth2Session.

  • storage – A token storage class, or an instance of a token storage class, to use for this blueprint. Defaults to SessionStorage.

Return type:

OAuth2ConsumerBlueprint

Returns:

A blueprint to attach to your Flask app.

flask_dance.contrib.salesforce.salesforce

A LocalProxy to a requests.Session that already has the Salesforce authentication token loaded (assuming that the user has authenticated with Salesforce at some point in the past).

Slack

flask_dance.contrib.slack.make_slack_blueprint(client_id=None, client_secret=None, *, scope=None, redirect_url=None, redirect_to=None, login_url=None, authorized_url=None, session_class=None, storage=None, subdomain=None, rule_kwargs=None)[source]

Make a blueprint for authenticating with Slack using OAuth 2. This requires a client ID and client secret from Slack. You should either pass them to this constructor, or make sure that your Flask application config defines them, using the variables SLACK_OAUTH_CLIENT_ID and SLACK_OAUTH_CLIENT_SECRET.

Parameters:
  • client_id (str) – The client ID for your application on Slack.

  • client_secret (str) – The client secret for your application on Slack

  • scope (str, optional) – comma-separated list of scopes for the OAuth token

  • redirect_url (str) – the URL to redirect to after the authentication dance is complete

  • redirect_to (str) – if redirect_url is not defined, the name of the view to redirect to after the authentication dance is complete. The actual URL will be determined by flask.url_for()

  • login_url (str, optional) – the URL path for the login view. Defaults to /slack

  • authorized_url (str, optional) – the URL path for the authorized view. Defaults to /slack/authorized.

  • session_class (class, optional) – The class to use for creating a Requests session. Defaults to OAuth2Session.

  • storage – A token storage class, or an instance of a token storage class, to use for this blueprint. Defaults to SessionStorage.

  • subdomain (str, optional) – the name of the subdomain under which your Slack space is accessed. Providing this may improve the login experience.

  • rule_kwargs (dict, optional) – Additional arguments that should be passed when adding the login and authorized routes. Defaults to None.

Return type:

OAuth2ConsumerBlueprint

Returns:

A blueprint to attach to your Flask app.

flask_dance.contrib.slack.slack

A LocalProxy to a requests.Session that already has the Slack authentication token loaded (assuming that the user has authenticated with Slack at some point in the past).

Strava

flask_dance.contrib.strava.make_strava_blueprint(client_id=None, client_secret=None, *, scope='read', redirect_url=None, redirect_to=None, login_url=None, authorized_url=None, session_class=None, storage=None, user_agent=None, rule_kwargs=None)[source]

Make a blueprint for authenticating with Strava using OAuth 2. This requires a client ID and client secret from Strava. You should either pass them to this constructor, or make sure that your Flask application config defines them, using the variables STRAVA_OAUTH_CLIENT_ID and STRAVA_OAUTH_CLIENT_SECRET.

Parameters:
  • client_id (str) – The client ID for your application on Strava.

  • client_secret (str) – The client secret for your application on Strava

  • scope (str, optional) – space-separated list of scopes for the OAuth token Defaults to identity

  • redirect_url (str) – the URL to redirect to after the authentication dance is complete

  • redirect_to (str) – if redirect_url is not defined, the name of the view to redirect to after the authentication dance is complete. The actual URL will be determined by flask.url_for()

  • login_url (str, optional) – the URL path for the login view. Defaults to /strava

  • authorized_url (str, optional) – the URL path for the authorized view. Defaults to /strava/authorized.

  • session_class (class, optional) – The class to use for creating a Requests session. Defaults to StravaOAuth2Session.

  • storage – A token storage class, or an instance of a token storage class, to use for this blueprint. Defaults to SessionStorage.

  • user_agent (str, optional) – User agent for the requests to Strava API. Defaults to Flask-Dance/{{version}}.

  • rule_kwargs (dict, optional) – Additional arguments that should be passed when adding the login and authorized routes. Defaults to None.

Return type:

OAuth2ConsumerBlueprint

Returns:

A blueprint to attach to your Flask app.

flask_dance.contrib.strava.strava

A LocalProxy to a requests.Session that already has the Strava authentication token loaded (assuming that the user has authenticated with Strava at some point in the past).

Twitch

flask_dance.contrib.twitch.make_twitch_blueprint(client_id=None, client_secret=None, *, scope=None, redirect_url=None, redirect_to=None, login_url=None, authorized_url=None, session_class=<class 'flask_dance.contrib.twitch.ClientIdHeaderOAuth2Session'>, storage=None, rule_kwargs=None)[source]

Make a blueprint for authenticating with Twitch using OAuth 2.

This requires a client ID and client secret from Twitch. You should either pass them to this constructor, or make sure that your Flask application config defines them, using the variables TWITCH_OAUTH_CLIENT_ID and TWITCH_OAUTH_CLIENT_SECRET.

Parameters:
  • client_id (str) – The client ID for your application on Twitch. Defaults to app config “TWITCH_OAUTH_CLIENT_ID”.

  • client_secret (str) – The client Secret for your application on Twitch. Defaults to app config “TWITCH_OAUTH_CLIENT_SECRET”.

  • scope (list, optional) – Comma-separated list of scopes for the OAuth token. Defaults to None.

  • redirect_url (str) – the URL to redirect to after the authentication dance is complete

  • redirect_to (str) – if redirect_url is not defined, the name of the view to redirect to after the authentication dance is complete. The actual URL will be determined by flask.url_for()

  • login_url (str, optional) – the URL path for the login view. Defaults to /twitch

  • authorized_url (str, optional) – the URL path for the authorized view. Defaults to /twitch/authorized.

  • session_class (class, optional) – The class to use for creating a Requests session. Defaults to ClientIdHeaderOAuth2Session.

  • storage – A token storage class, or an instance of a token storage class, to use for this blueprint. Defaults to SessionStorage.

  • rule_kwargs (dict, optional) – Additional arguments that should be passed when adding the login and authorized routes. Defaults to None.

Returns:

OAuth2ConsumerBlueprint A blueprint to attach to your Flask app.

flask_dance.contrib.twitch.twitch

A LocalProxy to a requests.Session that already has the Twitch authentication token loaded (assuming that the user has authenticated with Twitch at some point in the past).

Twitter

flask_dance.contrib.twitter.make_twitter_blueprint(api_key=None, api_secret=None, *, redirect_url=None, redirect_to=None, login_url=None, authorized_url=None, session_class=None, storage=None, rule_kwargs=None)[source]

Make a blueprint for authenticating with Twitter using OAuth 1. This requires an API key and API secret from Twitter. You should either pass them to this constructor, or make sure that your Flask application config defines them, using the variables TWITTER_OAUTH_CLIENT_KEY and TWITTER_OAUTH_CLIENT_SECRET.

Parameters:
  • api_key (str) – The API key for your Twitter application

  • api_secret (str) – The API secret for your Twitter application

  • redirect_url (str) – the URL to redirect to after the authentication dance is complete

  • redirect_to (str) – if redirect_url is not defined, the name of the view to redirect to after the authentication dance is complete. The actual URL will be determined by flask.url_for()

  • login_url (str, optional) – the URL path for the login view. Defaults to /twitter

  • authorized_url (str, optional) – the URL path for the authorized view. Defaults to /twitter/authorized.

  • session_class (class, optional) – The class to use for creating a Requests session. Defaults to OAuth1Session.

  • storage – A token storage class, or an instance of a token storage class, to use for this blueprint. Defaults to SessionStorage.

  • rule_kwargs (dict, optional) – Additional arguments that should be passed when adding the login and authorized routes. Defaults to None.

Return type:

OAuth1ConsumerBlueprint

Returns:

A blueprint to attach to your Flask app.

flask_dance.contrib.twitter.twitter

A LocalProxy to a requests.Session that already has the Twitter authentication token loaded (assuming that the user has authenticated with Twitter at some point in the past).

Spotify

flask_dance.contrib.spotify.make_spotify_blueprint(client_id=None, client_secret=None, *, scope=None, redirect_url=None, redirect_to=None, login_url=None, authorized_url=None, session_class=None, storage=None, rule_kwargs=None)[source]

Make a blueprint for authenticating with Spotify using OAuth 2. This requires a client ID and client secret from Spotify. You should either pass them to this constructor, or make sure that your Flask application config defines them, using the variables SPOTIFY_OAUTH_CLIENT_ID and SPOTIFY_OAUTH_CLIENT_SECRET.

Parameters:
  • client_id (str) – The client ID for your application on Spotify.

  • client_secret (str) – The client secret for your application on Spotify

  • scope (str, optional) – comma-separated list of scopes for the OAuth token

  • redirect_url (str) – the URL to redirect to after the authentication dance is complete

  • redirect_to (str) – if redirect_url is not defined, the name of the view to redirect to after the authentication dance is complete. The actual URL will be determined by flask.url_for()

  • login_url (str, optional) – the URL path for the login view. Defaults to /spotify

  • authorized_url (str, optional) – the URL path for the authorized view. Defaults to /spotify/authorized.

  • session_class (class, optional) – The class to use for creating a Requests session. Defaults to OAuth2Session.

  • storage – A token storage class, or an instance of a token storage class, to use for this blueprint. Defaults to SessionStorage.

  • rule_kwargs (dict, optional) – Additional arguments that should be passed when adding the login and authorized routes. Defaults to None.

Return type:

OAuth2ConsumerBlueprint

Returns:

A blueprint to attach to your Flask app.

flask_dance.contrib.spotify.spotify

A LocalProxy to a requests.Session that already has the Spotify authentication token loaded (assuming that the user has authenticated with Spotify at some point in the past).

Zoho

flask_dance.contrib.zoho.make_zoho_blueprint(client_id=None, client_secret=None, *, scope=None, redirect_url=None, offline=False, redirect_to=None, login_url=None, session_class=None, storage=None, reprompt_consent=False, rule_kwargs=None)[source]

Make a blueprint for authenticating with Zoho using OAuth 2. This requires a client ID and client secret from Zoho. You should either pass them to this constructor, or make sure that your Flask application config defines them, using the variables ZOHO_OAUTH_CLIENT_ID and ZOHO_OAUTH_CLIENT_SECRET. IMPORTANT: Configuring the base_url is not supported in this config.

Parameters:
  • client_id (str) – The client ID for your application on Zoho.

  • client_secret (str) – The client secret for your application on Zoho

  • scope (list, optional) – list of scopes (str) for the OAuth token

  • redirect_url (str) – the URL to redirect to after the authentication dance is complete

  • redirect_to (str) – if redirect_url is not defined, the name of the view to redirect to after the authentication dance is complete. The actual URL will be determined by flask.url_for()

  • login_url (str, optional) – the URL path for the login view. Defaults to /zoho

  • authorized_url (str, optional) – the URL path for the authorized view. Defaults to /zoho/authorized.

  • session_class (class, optional) – The class to use for creating a Requests session. Defaults to OAuth2Session.

  • storage – A token storage class, or an instance of a token storage class, to use for this blueprint. Defaults to SessionStorage.

  • offline (bool) – Whether to request offline access for the OAuth token. Defaults to False

  • reprompt_consent (bool) – If True, force Zoho to re-prompt the user for their consent, even if the user has already given their consent. Defaults to False.

  • rule_kwargs (dict, optional) – Additional arguments that should be passed when adding the login and authorized routes. Defaults to None.

Return type:

OAuth2ConsumerBlueprint

Returns:

A blueprint to attach to your Flask app.

flask_dance.contrib.zoho.zoho

A LocalProxy to a requests.Session that already has the Zoho authentication token loaded (assuming that the user has authenticated with Zoho at some point in the past).

Custom

Flask-Dance allows you to build authentication blueprints for any OAuth provider, not just the ones listed above. For example, let’s create a blueprint for a fictional OAuth provider called oauth-example.com. We check the documentation for oauth-example.com, and discover that they’re using OAuth 2, the access token URL is https://oauth-example.com/login/access_token, and the authorization URL is https://oauth-example.com/login/authorize. We could then build the blueprint like this:

from flask import Flask
from flask_dance.consumer import OAuth2ConsumerBlueprint

app = Flask(__name__)
example_blueprint = OAuth2ConsumerBlueprint(
    "oauth-example", __name__,
    client_id="my-key-here",
    client_secret="my-secret-here",
    base_url="https://oauth-example.com",
    token_url="https://oauth-example.com/login/access_token",
    authorization_url="https://oauth-example.com/login/authorize",
)
app.register_blueprint(example_blueprint, url_prefix="/login")

Now, in your page template, you can do something like:

<a href="{{ url_for("oauth-example.login") }}">Login with OAuth Example</a>

And in your views, you can make authenticated requests using the session attribute on the blueprint:

resp = example_blueprint.session.get("/user")
assert resp.ok
print("Here's the content of my response: " + resp.content)

It all follows the same patterns as the Quickstart example projects. You can also read the code to see how the pre-set configurations are implemented – it’s very short.