Providers¶
Flask-Dance comes with pre-set OAuth consumer configurations for a few popular OAuth providers. Flask-Dance also works with providers that aren’t in this list: see the Custom section at the bottom of the page. We also welcome pull requests to add new pre-set provider configurations to Flask-Dance!
Included Providers
Authentiq¶
-
flask_dance.contrib.authentiq.
make_authentiq_blueprint
(client_id=None, client_secret=None, scope='openid profile', redirect_url=None, redirect_to=None, login_url=None, authorized_url=None, session_class=None, storage=None, hostname='connect.authentiq.io')[source]¶ Make a blueprint for authenticating with authentiq using OAuth 2. This requires a client ID and client secret from authentiq. You should either pass them to this constructor, or make sure that your Flask application config defines them, using the variables
AUTHENTIQ_OAUTH_CLIENT_ID
andAUTHENTIQ_OAUTH_CLIENT_SECRET
.Parameters: - client_id (str) – The client ID for your application on Authentiq.
- client_secret (str) – The client secret for your application on Authentiq.
- scope (str, optional) – comma-separated list of scopes for the OAuth token.
- redirect_url (str) – the URL to redirect to after the authentication dance is complete.
- redirect_to (str) – if
redirect_url
is not defined, the name of the view to redirect to after the authentication dance is complete. The actual URL will be determined byflask.url_for()
. - login_url (str, optional) – the URL path for the
login
view. Defaults to/authentiq
. - authorized_url (str, optional) – the URL path for the
authorized
view. Defaults to/authentiq/authorized
. - session_class (class, optional) – The class to use for creating a
Requests session. Defaults to
OAuth2Session
. - storage – A token storage class, or an instance of a token storage
class, to use for this blueprint. Defaults to
SessionStorage
. - hostname (str, optional) – If using a private instance of authentiq CE/EE,
specify the hostname, default is
connect.authentiq.io
Return type: Returns: A blueprint to attach to your Flask app.
-
flask_dance.contrib.authentiq.
authentiq
¶ A
LocalProxy
to arequests.Session
that already has the Authentiq Connect authentication token loaded (assuming that the user has authenticated with Authentiq at some point in the past).
Azure¶
-
flask_dance.contrib.azure.
make_azure_blueprint
(client_id=None, client_secret=None, scope=None, redirect_url=None, redirect_to=None, login_url=None, authorized_url=None, session_class=None, storage=None, tenant='common')[source]¶ Make a blueprint for authenticating with Azure AD using OAuth 2. This requires a client ID and client secret from Azure AD. You should either pass them to this constructor, or make sure that your Flask application config defines them, using the variables
AZURE_OAUTH_CLIENT_ID
andAZURE_OAUTH_CLIENT_SECRET
.Parameters: - client_id (str) – The client ID for your application on Azure AD.
- client_secret (str) – The client secret for your application on Azure AD
- scope (str, optional) – comma-separated list of scopes for the OAuth token
- redirect_url (str) – the URL to redirect to after the authentication dance is complete
- redirect_to (str) – if
redirect_url
is not defined, the name of the view to redirect to after the authentication dance is complete. The actual URL will be determined byflask.url_for()
- login_url (str, optional) – the URL path for the
login
view. Defaults to/azure
- authorized_url (str, optional) – the URL path for the
authorized
view. Defaults to/azure/authorized
. - session_class (class, optional) – The class to use for creating a
Requests session. Defaults to
OAuth2Session
. - storage – A token storage class, or an instance of a token storage
class, to use for this blueprint. Defaults to
SessionStorage
. - tenant – Determine which accounts are allowed to authenticate with Azure.
See the Azure documentation for more information about this parameter.
Defaults to
common
.
Return type: Returns: A blueprint to attach to your Flask app.
-
flask_dance.contrib.azure.
azure
¶ A
LocalProxy
to arequests.Session
that already has the Azure AD authentication token loaded (assuming that the user has authenticated with Azure AD at some point in the past).
Discord¶
-
flask_dance.contrib.discord.
make_discord_blueprint
(client_id=None, client_secret=None, scope=None, redirect_url=None, redirect_to=None, login_url=None, authorized_url=None, session_class=None, storage=None)[source]¶ Make a blueprint for authenticating with Discord using OAuth 2. This requires a client ID and client secret from Discord. You should either pass them to this constructor, or make sure that your Flask application config defines them, using the variables
DISCORD_OAUTH_CLIENT_ID
andDISCORD_OAUTH_CLIENT_SECRET
.Parameters: - client_id (str) – The client ID for your application on Discord.
- client_secret (str) – The client secret for your application on Discord
- scope (list, optional) – list of scopes (str) for the OAuth token
- redirect_url (str) – the URL to redirect to after the authentication dance is complete
- redirect_to (str) – if
redirect_url
is not defined, the name of the view to redirect to after the authentication dance is complete. The actual URL will be determined byflask.url_for()
- login_url (str, optional) – the URL path for the
login
view. Defaults to/discord
- authorized_url (str, optional) – the URL path for the
authorized
view. Defaults to/discord/authorized
. - session_class (class, optional) – The class to use for creating a
Requests session. Defaults to
OAuth2Session
. - storage – A token storage class, or an instance of a token storage
class, to use for this blueprint. Defaults to
SessionStorage
.
Return type: Returns: A blueprint to attach to your Flask app.
-
flask_dance.contrib.discord.
discord
¶ A
LocalProxy
to arequests.Session
that already has the Discord authentication token loaded (assuming that the user has authenticated with Discord at some point in the past).
Dropbox¶
-
flask_dance.contrib.dropbox.
make_dropbox_blueprint
(app_key=None, app_secret=None, scope=None, force_reapprove=False, disable_signup=False, require_role=None, redirect_url=None, redirect_to=None, login_url=None, authorized_url=None, session_class=None, storage=None)[source]¶ Make a blueprint for authenticating with Dropbox using OAuth 2. This requires a client ID and client secret from Dropbox. You should either pass them to this constructor, or make sure that your Flask application config defines them, using the variables
DROPBOX_OAUTH_CLIENT_ID
andDROPBOX_OAUTH_CLIENT_SECRET
.For more information about the
force_reapprove
,disable_signup
, andrequire_role
arguments, check the Dropbox API documentation.Parameters: - app_key (str) – The client ID for your application on Dropbox.
- app_secret (str) – The client secret for your application on Dropbox
- scope (str, optional) – Comma-separated list of scopes for the OAuth token
- force_reapprove (bool) – Force the user to approve the app again if they’ve already done so.
- disable_signup (bool) – Prevent users from seeing a sign-up link on the authorization page.
- require_role (str) – Pass the string
work
to require a Dropbox for Business account, or the stringpersonal
to require a personal account. - redirect_url (str) – the URL to redirect to after the authentication dance is complete
- redirect_to (str) – if
redirect_url
is not defined, the name of the view to redirect to after the authentication dance is complete. The actual URL will be determined byflask.url_for()
- login_url (str, optional) – the URL path for the
login
view. Defaults to/dropbox
- authorized_url (str, optional) – the URL path for the
authorized
view. Defaults to/dropbox/authorized
. - session_class (class, optional) – The class to use for creating a
Requests session. Defaults to
OAuth2Session
. - storage – A token storage class, or an instance of a token storage
class, to use for this blueprint. Defaults to
SessionStorage
.
Return type: Returns: A blueprint to attach to your Flask app.
-
flask_dance.contrib.dropbox.
dropbox
¶ A
LocalProxy
to arequests.Session
that already has the Dropbox authentication token loaded (assuming that the user has authenticated with Dropbox at some point in the past).
Facebook¶
-
flask_dance.contrib.facebook.
make_facebook_blueprint
(client_id=None, client_secret=None, scope=None, redirect_url=None, redirect_to=None, login_url=None, authorized_url=None, rerequest_declined_permissions=False, session_class=None, storage=None)[source]¶ Make a blueprint for authenticating with Facebook using OAuth 2. This requires a client ID and client secret from Facebook. You should either pass them to this constructor, or make sure that your Flask application config defines them, using the variables
FACEBOOK_OAUTH_CLIENT_ID
andFACEBOOK_OAUTH_CLIENT_SECRET
.Parameters: - client_id (str) – The client ID for your application on Facebook.
- client_secret (str) – The client secret for your application on Facebook
- scope (str, optional) – comma-separated list of scopes for the OAuth token
- redirect_url (str) – the URL to redirect to after the authentication dance is complete
- redirect_to (str) – if
redirect_url
is not defined, the name of the view to redirect to after the authentication dance is complete. The actual URL will be determined byflask.url_for()
- login_url (str, optional) – the URL path for the
login
view. Defaults to/facebook
- authorized_url (str, optional) – the URL path for the
authorized
view. Defaults to/facebook/authorized
. - rerequest_declined_permissions (bool, optional) – should the blueprint ask again for declined permissions.
Defaults to
False
- session_class (class, optional) – The class to use for creating a
Requests session. Defaults to
OAuth2Session
. - storage – A token storage class, or an instance of a token storage
class, to use for this blueprint. Defaults to
SessionStorage
.
Return type: Returns: A blueprint to attach to your Flask app.
-
flask_dance.contrib.facebook.
facebook
¶ A
LocalProxy
to arequests.Session
that already has the Facebook authentication token loaded (assuming that the user has authenticated with Facebook at some point in the past).
GitHub¶
-
flask_dance.contrib.github.
make_github_blueprint
(client_id=None, client_secret=None, scope=None, redirect_url=None, redirect_to=None, login_url=None, authorized_url=None, session_class=None, storage=None)[source]¶ Make a blueprint for authenticating with GitHub using OAuth 2. This requires a client ID and client secret from GitHub. You should either pass them to this constructor, or make sure that your Flask application config defines them, using the variables
GITHUB_OAUTH_CLIENT_ID
andGITHUB_OAUTH_CLIENT_SECRET
.Parameters: - client_id (str) – The client ID for your application on GitHub.
- client_secret (str) – The client secret for your application on GitHub
- scope (str, optional) – comma-separated list of scopes for the OAuth token
- redirect_url (str) – the URL to redirect to after the authentication dance is complete
- redirect_to (str) – if
redirect_url
is not defined, the name of the view to redirect to after the authentication dance is complete. The actual URL will be determined byflask.url_for()
- login_url (str, optional) – the URL path for the
login
view. Defaults to/github
- authorized_url (str, optional) – the URL path for the
authorized
view. Defaults to/github/authorized
. - session_class (class, optional) – The class to use for creating a
Requests session. Defaults to
OAuth2Session
. - storage – A token storage class, or an instance of a token storage
class, to use for this blueprint. Defaults to
SessionStorage
.
Return type: Returns: A blueprint to attach to your Flask app.
-
flask_dance.contrib.github.
github
¶ A
LocalProxy
to arequests.Session
that already has the GitHub authentication token loaded (assuming that the user has authenticated with GitHub at some point in the past).
GitLab¶
-
flask_dance.contrib.gitlab.
make_gitlab_blueprint
(client_id=None, client_secret=None, scope=None, redirect_url=None, redirect_to=None, login_url=None, authorized_url=None, session_class=None, storage=None, hostname='gitlab.com')[source]¶ Make a blueprint for authenticating with GitLab using OAuth 2. This requires a client ID and client secret from GitLab. You should either pass them to this constructor, or make sure that your Flask application config defines them, using the variables
GITLAB_OAUTH_CLIENT_ID
andGITLAB_OAUTH_CLIENT_SECRET
.Parameters: - client_id (str) – The client ID for your application on GitLab.
- client_secret (str) – The client secret for your application on GitLab
- scope (str, optional) – comma-separated list of scopes for the OAuth token
- redirect_url (str) – the URL to redirect to after the authentication dance is complete
- redirect_to (str) – if
redirect_url
is not defined, the name of the view to redirect to after the authentication dance is complete. The actual URL will be determined byflask.url_for()
- login_url (str, optional) – the URL path for the
login
view. Defaults to/gitlab
- authorized_url (str, optional) – the URL path for the
authorized
view. Defaults to/gitlab/authorized
. - session_class (class, optional) – The class to use for creating a
Requests session. Defaults to
OAuth2Session
. - storage – A token storage class, or an instance of a token storage
class, to use for this blueprint. Defaults to
SessionStorage
. - hostname (str, optional) – If using a private instance of GitLab CE/EE,
specify the hostname, default is
gitlab.com
Return type: Returns: A blueprint to attach to your Flask app.
-
flask_dance.contrib.gitlab.
gitlab
¶ A
LocalProxy
to arequests.Session
that already has the GitLab authentication token loaded (assuming that the user has authenticated with GitLab at some point in the past).
Google¶
-
flask_dance.contrib.google.
make_google_blueprint
(client_id=None, client_secret=None, scope=None, offline=False, reprompt_consent=False, reprompt_select_account=False, redirect_url=None, redirect_to=None, login_url=None, authorized_url=None, session_class=None, storage=None, hosted_domain=None)[source]¶ Make a blueprint for authenticating with Google using OAuth 2. This requires a client ID and client secret from Google. You should either pass them to this constructor, or make sure that your Flask application config defines them, using the variables
GOOGLE_OAUTH_CLIENT_ID
andGOOGLE_OAUTH_CLIENT_SECRET
.Parameters: - client_id (str) – The client ID for your application on Google
- client_secret (str) – The client secret for your application on Google
- scope (str, optional) – comma-separated list of scopes for the OAuth token. Defaults to the “https://www.googleapis.com/auth/userinfo.profile” scope.
- offline (bool) – Whether to request offline access for the OAuth token. Defaults to False
- reprompt_consent (bool) – If True, force Google to re-prompt the user for their consent, even if the user has already given their consent. Defaults to False
- reprompt_select_account (bool) – If True, force Google to re-prompt the select account page, even if there is a single logged-in user. Defaults to False
- redirect_url (str) – the URL to redirect to after the authentication dance is complete
- redirect_to (str) – if
redirect_url
is not defined, the name of the view to redirect to after the authentication dance is complete. The actual URL will be determined byflask.url_for()
- login_url (str, optional) – the URL path for the
login
view. Defaults to/google
- authorized_url (str, optional) – the URL path for the
authorized
view. Defaults to/google/authorized
. - session_class (class, optional) – The class to use for creating a
Requests session. Defaults to
OAuth2Session
. - storage – A token storage class, or an instance of a token storage
class, to use for this blueprint. Defaults to
SessionStorage
. - hosted_domain (str, optional) – The domain of the G Suite user. Used to indicate that the account selection UI should be optimized for accounts at this domain. Note that this only provides UI optimization, and requires response validation (see warning).
Warning
The
hosted_domain
argument only provides UI optimization. Don’t rely on this argument to control who can access your application. You must verify that thehd
claim of the response ID token matches thehosted_domain
argument passed tomake_google_blueprint
. For example:from flask import session, abort from flask_dance.consumer import oauth_authorized from flask_dance.contrib.google import make_google_blueprint, google import requests google_bp = make_google_blueprint( client_id="foo", client_secret="bar", scope=["profile", "email"], hosted_domain="example.com" ) @oauth_authorized.connect_via(google_bp) def logged_in(blueprint, token): resp_json = google.get("/oauth2/v2/userinfo").json() if resp_json["hd"] != blueprint.authorization_url_params["hd"]: requests.post( "https://accounts.google.com/o/oauth2/revoke", params={"token": token["access_token"]} ) session.clear() abort(403)
Return type: OAuth2ConsumerBlueprint
Returns: A blueprint to attach to your Flask app.
-
flask_dance.contrib.google.
google
¶ A
LocalProxy
to arequests.Session
that already has the Google authentication token loaded (assuming that the user has authenticated with Google at some point in the past).
JIRA¶
-
flask_dance.contrib.jira.
make_jira_blueprint
(base_url, consumer_key=None, rsa_key=None, redirect_url=None, redirect_to=None, login_url=None, authorized_url=None, session_class=None, storage=None)[source]¶ Make a blueprint for authenticating with JIRA using OAuth 1. This requires a consumer key and RSA key for the JIRA application link. You should either pass them to this constructor, or make sure that your Flask application config defines them, using the variables
JIRA_OAUTH_CONSUMER_KEY
andJIRA_OAUTH_RSA_KEY
.Parameters: - base_url (str) – The base URL of your JIRA installation. For example,
for Atlassian’s hosted Cloud JIRA, the base_url would be
https://jira.atlassian.com
- consumer_key (str) – The consumer key for your Application Link on JIRA
- rsa_key (str or path) – The RSA private key for your Application Link on JIRA. This can be the contents of the key as a string, or a path to the key file on disk.
- redirect_url (str) – the URL to redirect to after the authentication dance is complete
- redirect_to (str) – if
redirect_url
is not defined, the name of the view to redirect to after the authentication dance is complete. The actual URL will be determined byflask.url_for()
- login_url (str, optional) – the URL path for the
login
view. Defaults to/jira
- authorized_url (str, optional) – the URL path for the
authorized
view. Defaults to/jira/authorized
. - session_class (class, optional) – The class to use for creating a
Requests session. Defaults to
JsonOAuth1Session
. - storage – A token storage class, or an instance of a token storage
class, to use for this blueprint. Defaults to
SessionStorage
.
Return type: Returns: A blueprint to attach to your Flask app.
- base_url (str) – The base URL of your JIRA installation. For example,
for Atlassian’s hosted Cloud JIRA, the base_url would be
-
flask_dance.contrib.jira.
jira
¶ A
LocalProxy
to arequests.Session
that already has the JIRA authentication token loaded (assuming that the user has authenticated with JIRA at some point in the past).
Meetup¶
-
flask_dance.contrib.meetup.
make_meetup_blueprint
(key=None, secret=None, scope=None, redirect_url=None, redirect_to=None, login_url=None, authorized_url=None, session_class=None, storage=None)[source]¶ Make a blueprint for authenticating with Meetup using OAuth 2. This requires an OAuth consumer from Meetup. You should either pass the key and secret to this constructor, or make sure that your Flask application config defines them, using the variables
MEETUP_OAUTH_CLIENT_ID
andMEETUP_OAUTH_CLIENT_SECRET
.Parameters: - key (str) – The OAuth consumer key for your application on Meetup
- secret (str) – The OAuth consumer secret for your application on Meetup
- scope (str, optional) – comma-separated list of scopes for the OAuth token
- redirect_url (str) – the URL to redirect to after the authentication dance is complete
- redirect_to (str) – if
redirect_url
is not defined, the name of the view to redirect to after the authentication dance is complete. The actual URL will be determined byflask.url_for()
- login_url (str, optional) – the URL path for the
login
view. Defaults to/meetup
- authorized_url (str, optional) – the URL path for the
authorized
view. Defaults to/meetup/authorized
. - session_class (class, optional) – The class to use for creating a
Requests session. Defaults to
OAuth2Session
. - storage – A token storage class, or an instance of a token storage
class, to use for this blueprint. Defaults to
SessionStorage
.
Return type: Returns: A blueprint to attach to your Flask app.
-
flask_dance.contrib.meetup.
meetup
¶ A
LocalProxy
to arequests.Session
that already has the Meetup authentication token loaded (assuming that the user has authenticated with Meetup at some point in the past).
Nylas¶
-
flask_dance.contrib.nylas.
make_nylas_blueprint
(client_id=None, client_secret=None, scope='email', redirect_url=None, redirect_to=None, login_url=None, authorized_url=None, session_class=None, storage=None)[source]¶ Make a blueprint for authenticating with Nylas using OAuth 2. This requires an API ID and API secret from Nylas. You should either pass them to this constructor, or make sure that your Flask application config defines them, using the variables
NYLAS_OAUTH_CLIENT_KEY
andNYLAS_OAUTH_CLIENT_SECRET
.Parameters: - client_id (str) – The client ID for your developer account on Nylas.
- client_secret (str) – The client secret for your developer account on Nylas.
- scope (str, optional) – comma-separated list of scopes for the OAuth token. Defaults to “email”.
- redirect_url (str) – the URL to redirect to after the authentication dance is complete
- redirect_to (str) – if
redirect_url
is not defined, the name of the view to redirect to after the authentication dance is complete. The actual URL will be determined byflask.url_for()
- login_url (str, optional) – the URL path for the
login
view. Defaults to/nylas
- authorized_url (str, optional) – the URL path for the
authorized
view. Defaults to/nylas/authorized
. - session_class (class, optional) – The class to use for creating a
Requests session. Defaults to
OAuth2Session
. - storage – A token storage class, or an instance of a token storage
class, to use for this blueprint. Defaults to
SessionStorage
.
Return type: Returns: A blueprint to attach to your Flask app.
-
flask_dance.contrib.nylas.
nylas
¶ A
LocalProxy
to arequests.Session
that already has the Nylas authentication token loaded (assuming that the user has authenticated with Nylas at some point in the past).
Okta¶
-
flask_dance.contrib.okta.
make_okta_blueprint
(client_id=None, client_secret=None, base_url=None, scope=None, redirect_url=None, token_url=None, redirect_to=None, login_url=None, authorization_url=None, session_class=None, storage=None)[source]¶ Make a blueprint for authenticating with Okta using OAuth 2. This requires a client ID and client secret from OKta. You should either pass them to this constructor, or make sure that your Flask application config defines them, using the variables
OKTA_OAUTH_CLIENT_ID
andOKTA_OAUTH_CLIENT_SECRET
.Parameters: - client_id (str) – The client ID for your application on Okta.
- client_secret (str) – The client secret for your application on Okta
- scope (list, optional) – list of scopes (str) for the OAuth token
- redirect_url (str) – the URL to redirect to after the authentication dance is complete
- redirect_to (str) – if
redirect_url
is not defined, the name of the view to redirect to after the authentication dance is complete. The actual URL will be determined byflask.url_for()
- login_url (str, optional) – the URL path for the
login
view. Defaults to/okta
- authorized_url (str, optional) – the URL path for the
authorized
view. Defaults to/okta/authorized
. - session_class (class, optional) – The class to use for creating a
Requests session. Defaults to
OAuth2Session
. - storage – A token storage class, or an instance of a token storage
class, to use for this blueprint. Defaults to
SessionStorage
.
Return type: Returns: A blueprint to attach to your Flask app.
-
flask_dance.contrib.okta.
okta
¶ A
LocalProxy
to arequests.Session
that already has the Okta authentication token loaded (assuming that the user has authenticated with Okta at some point in the past).
Reddit¶
-
flask_dance.contrib.reddit.
make_reddit_blueprint
(client_id=None, client_secret=None, scope='identity', permanent=False, redirect_url=None, redirect_to=None, login_url=None, authorized_url=None, session_class=None, storage=None, user_agent=None)[source]¶ Make a blueprint for authenticating with Reddit using OAuth 2. This requires a client ID and client secret from Reddit. You should either pass them to this constructor, or make sure that your Flask application config defines them, using the variables
REDDIT_OAUTH_CLIENT_ID
andREDDIT_OAUTH_CLIENT_SECRET
.Parameters: - client_id (str) – The client ID for your application on Reddit.
- client_secret (str) – The client secret for your application on Reddit
- scope (str, optional) – space-separated list of scopes for the OAuth token
Defaults to
identity
- permanent (bool, optional) – Whether to request permanent access token. Defaults to False, access will be valid for 1 hour
- redirect_url (str) – the URL to redirect to after the authentication dance is complete
- redirect_to (str) – if
redirect_url
is not defined, the name of the view to redirect to after the authentication dance is complete. The actual URL will be determined byflask.url_for()
- login_url (str, optional) – the URL path for the
login
view. Defaults to/reddit
- authorized_url (str, optional) – the URL path for the
authorized
view. Defaults to/reddit/authorized
. - session_class (class, optional) – The class to use for creating a
Requests session. Defaults to
RedditOAuth2Session
. - storage – A token storage class, or an instance of a token storage
class, to use for this blueprint. Defaults to
SessionStorage
. - user_agent (str, optional) – User agent for the requests to Reddit API.
Defaults to
Flask-Dance/{{version}}
Return type: Returns: A blueprint to attach to your Flask app.
-
flask_dance.contrib.reddit.
reddit
¶ A
LocalProxy
to arequests.Session
that already has the Reddit authentication token loaded (assuming that the user has authenticated with Reddit at some point in the past).
Slack¶
-
flask_dance.contrib.slack.
make_slack_blueprint
(client_id=None, client_secret=None, scope=None, redirect_url=None, redirect_to=None, login_url=None, authorized_url=None, session_class=None, storage=None)[source]¶ Make a blueprint for authenticating with Slack using OAuth 2. This requires a client ID and client secret from Slack. You should either pass them to this constructor, or make sure that your Flask application config defines them, using the variables
SLACK_OAUTH_CLIENT_ID
andSLACK_OAUTH_CLIENT_SECRET
.Parameters: - client_id (str) – The client ID for your application on Slack.
- client_secret (str) – The client secret for your application on Slack
- scope (str, optional) – comma-separated list of scopes for the OAuth token
- redirect_url (str) – the URL to redirect to after the authentication dance is complete
- redirect_to (str) – if
redirect_url
is not defined, the name of the view to redirect to after the authentication dance is complete. The actual URL will be determined byflask.url_for()
- login_url (str, optional) – the URL path for the
login
view. Defaults to/slack
- authorized_url (str, optional) – the URL path for the
authorized
view. Defaults to/slack/authorized
. - session_class (class, optional) – The class to use for creating a
Requests session. Defaults to
OAuth2Session
. - storage – A token storage class, or an instance of a token storage
class, to use for this blueprint. Defaults to
SessionStorage
.
Return type: Returns: A blueprint to attach to your Flask app.
-
flask_dance.contrib.slack.
slack
¶ A
LocalProxy
to arequests.Session
that already has the Slack authentication token loaded (assuming that the user has authenticated with Slack at some point in the past).
Twitter¶
-
flask_dance.contrib.twitter.
make_twitter_blueprint
(api_key=None, api_secret=None, redirect_url=None, redirect_to=None, login_url=None, authorized_url=None, session_class=None, storage=None)[source]¶ Make a blueprint for authenticating with Twitter using OAuth 1. This requires an API key and API secret from Twitter. You should either pass them to this constructor, or make sure that your Flask application config defines them, using the variables
TWITTER_OAUTH_CLIENT_KEY
andTWITTER_OAUTH_CLIENT_SECRET
.Parameters: - api_key (str) – The API key for your Twitter application
- api_secret (str) – The API secret for your Twitter application
- redirect_url (str) – the URL to redirect to after the authentication dance is complete
- redirect_to (str) – if
redirect_url
is not defined, the name of the view to redirect to after the authentication dance is complete. The actual URL will be determined byflask.url_for()
- login_url (str, optional) – the URL path for the
login
view. Defaults to/twitter
- authorized_url (str, optional) – the URL path for the
authorized
view. Defaults to/twitter/authorized
. - session_class (class, optional) – The class to use for creating a
Requests session. Defaults to
OAuth1Session
. - storage – A token storage class, or an instance of a token storage
class, to use for this blueprint. Defaults to
SessionStorage
.
Return type: Returns: A blueprint to attach to your Flask app.
-
flask_dance.contrib.twitter.
twitter
¶ A
LocalProxy
to arequests.Session
that already has the Twitter authentication token loaded (assuming that the user has authenticated with Twitter at some point in the past).
Spotify¶
-
flask_dance.contrib.spotify.
make_spotify_blueprint
(client_id=None, client_secret=None, scope=None, redirect_url=None, redirect_to=None, login_url=None, authorized_url=None, session_class=None, storage=None)[source]¶ Make a blueprint for authenticating with Spotify using OAuth 2. This requires a client ID and client secret from Spotify. You should either pass them to this constructor, or make sure that your Flask application config defines them, using the variables
SPOTIFY_OAUTH_CLIENT_ID
andSPOTIFY_OAUTH_CLIENT_SECRET
.Parameters: - client_id (str) – The client ID for your application on Spotify.
- client_secret (str) – The client secret for your application on Spotify
- scope (str, optional) – comma-separated list of scopes for the OAuth token
- redirect_url (str) – the URL to redirect to after the authentication dance is complete
- redirect_to (str) – if
redirect_url
is not defined, the name of the view to redirect to after the authentication dance is complete. The actual URL will be determined byflask.url_for()
- login_url (str, optional) – the URL path for the
login
view. Defaults to/spotify
- authorized_url (str, optional) – the URL path for the
authorized
view. Defaults to/spotify/authorized
. - session_class (class, optional) – The class to use for creating a
Requests session. Defaults to
OAuth2Session
. - storage – A token storage class, or an instance of a token storage
class, to use for this blueprint. Defaults to
SessionStorage
.
Return type: Returns: A blueprint to attach to your Flask app.
-
flask_dance.contrib.spotify.
spotify
¶ A
LocalProxy
to arequests.Session
that already has the Spotify authentication token loaded (assuming that the user has authenticated with Spotify at some point in the past).
Zoho¶
-
flask_dance.contrib.zoho.
make_zoho_blueprint
(client_id=None, client_secret=None, scope=None, redirect_url=None, offline=False, redirect_to=None, login_url=None, session_class=None, storage=None, reprompt_consent=False)[source]¶ Make a blueprint for authenticating with Zoho using OAuth 2. This requires a client ID and client secret from Zoho. You should either pass them to this constructor, or make sure that your Flask application config defines them, using the variables
ZOHO_OAUTH_CLIENT_ID
andZOHO_OAUTH_CLIENT_SECRET
. IMPORTANT: Configuring the base_url is not supported in this config.Parameters: - client_id (str) – The client ID for your application on Zoho.
- client_secret (str) – The client secret for your application on Zoho
- scope (list, optional) – list of scopes (str) for the OAuth token
- redirect_url (str) – the URL to redirect to after the authentication dance is complete
- redirect_to (str) – if
redirect_url
is not defined, the name of the view to redirect to after the authentication dance is complete. The actual URL will be determined byflask.url_for()
- login_url (str, optional) – the URL path for the
login
view. Defaults to/zoho
- authorized_url (str, optional) – the URL path for the
authorized
view. Defaults to/zoho/authorized
. - session_class (class, optional) – The class to use for creating a
Requests session. Defaults to
OAuth2Session
. - storage – A token storage class, or an instance of a token storage
class, to use for this blueprint. Defaults to
SessionStorage
. - offline (bool) – Whether to request offline access for the OAuth token. Defaults to False
- reprompt_consent (bool) – If True, force Zoho to re-prompt the user for their consent, even if the user has already given their consent. Defaults to False
Return type: Returns: A blueprint to attach to your Flask app.
-
flask_dance.contrib.zoho.
zoho
¶ A
LocalProxy
to arequests.Session
that already has the Zoho authentication token loaded (assuming that the user has authenticated with Zoho at some point in the past).
Custom¶
Flask-Dance allows you to build authentication blueprints for any OAuth
provider, not just the ones listed above. For example, let’s create a blueprint
for a fictional OAuth provider called oauth-example.com. We check the
documentation for oauth-example.com, and discover that they’re using OAuth 2,
the access token URL is https://oauth-example.com/login/access_token
,
and the authorization URL is https://oauth-example.com/login/authorize
.
We could then build the blueprint like this:
from flask import Flask
from flask_dance.consumer import OAuth2ConsumerBlueprint
app = Flask(__name__)
example_blueprint = OAuth2ConsumerBlueprint(
"oauth-example", __name__,
client_id="my-key-here",
client_secret="my-secret-here",
base_url="https://oauth-example.com",
token_url="https://oauth-example.com/login/access_token",
authorization_url="https://oauth-example.com/login/authorize",
)
app.register_blueprint(example_blueprint, url_prefix="/login")
Now, in your page template, you can do something like:
<a href="{{ url_for("oauth-example.login") }}">Login with OAuth Example</a>
And in your views, you can make authenticated requests using the
session
attribute on the
blueprint:
resp = example_blueprint.session.get("/user")
assert resp.ok
print("Here's the content of my response: " + resp.content)
It all follows the same patterns as the Quickstart example projects. You can also read the code to see how the pre-set configurations are implemented – it’s very short.