[Flask] transfer login status to another flask application
Unai Rodriguez
unai at sysbible.org
Sat Nov 5 20:19:05 EDT 2016
Hi Patrick,
My understanding is that you're trying to implement something similar to
CAS SSO using Flask. Perhaps their documentation could help you?
https://apereo.github.io/cas/4.2.x/planning/Architecture.html
In fact you might just be able to integrate your Flask apps with CAS
without implementing it yourself...
-- unai
On Sun, Nov 6, 2016, at 06:23 AM, Patrick Rieser wrote:
>
> Hey everybody,
>
> I wonder if there is a way to transfer the login status of a user to
> another flask application. Consider the a typical login process:
>
> a) User visits login.domain and puts in his credentials
> b) flask application at login.domain takes this credentials and sends
> the user and password to the internal api with the user and
> password
> c) The api hashes the password and compares it to the database and if
> valid an api token that simply consists of the username is
> generated and sent as a response (to increase the security of the
> internal api)
> d) login application verifies the login and a login cookie is
> generated (all with running flask-login) and then stores the token
> in the flask session to easily access the api
> e) login application redicets to another flask application (e.g.
> project_0) and tells this application that the user is already
> logged in and passes the api token (and the login status)
>
> So a) through d) are perfectly fine, but I don't really have any clue
> how to accomplish e), especially how the other application (project_0)
> can be made aware in a secure way that the user is already logged in,
> i.e. somehow copy the login cookie or generate a new one. Any help,
> clues or pointers are greatly appreciated!
>
>
> With kind regards,
> Patrick
>
> _________________________________________________
> Flask mailing list
> Flask at python.org
> https://mail.python.org/mailman/listinfo/flask
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/flask/attachments/20161106/b8690ee0/attachment.html>
More information about the Flask
mailing list