[Flask] transfer login status to another flask application

Ares Ou aresowj at gmail.com
Mon Nov 7 16:48:13 EST 2016


Hi,

As Unai suggested, you should check the SSO document to see
how they transfer the credentials between applications or even domains.

One more thing to note is, you should never store the password in
plain text which might be convenient for you to come up with a solution.

Thanks.

Best regards,
Ares Ou

*Software Engineer / Full-Stack Python Developer*

*Blog:* http://aresou.net  |  *Github:* https://github.com/aresowj
*Stack Overflow:* http://stackoverflow.com/users/5183727/ares-ou

On Sat, Nov 5, 2016 at 5:19 PM, Unai Rodriguez <unai at sysbible.org> wrote:

> Hi Patrick,
>
> My understanding is that you're trying to implement something similar to
> CAS SSO using Flask. Perhaps their documentation could help you?
>
> https://apereo.github.io/cas/4.2.x/planning/Architecture.html
>
> In fact you might just be able to integrate your Flask apps with CAS
> without implementing it yourself...
>
> -- unai
>
>
> On Sun, Nov 6, 2016, at 06:23 AM, Patrick Rieser wrote:
>
>
> Hey everybody,
>
> I wonder if there is a way to transfer the login status of a user to
> another flask application. Consider a typical login process:
>
> a) User visits login.domain and puts in his credentials
> b) flask application at login.domain takes these credentials and sends the
> user and password to the internal api with the user and password
> c) The api hashes the password and compares it to the database and if
> valid an api token that simply consists of the username is generated and
> sent as a response (to increase the security of the internal api)
> d) login application verifies the login and a login cookie is generated
> (all with running flask-login) and then stores the token in the flask
> session to easily access the api
> e) login application redirects to another flask application (e.g.
> project_0) and tells this application that the user is already logged in
> and passes the api token (and the login status)
>
> So a) through d) are perfectly fine, but I don't really have any clue how
> to accomplish e), especially how the other application (project_0) can be
> made aware in a secure way that the user is already logged in, i.e. somehow
> copy the login cookie or generate a new one. Any help, clues or pointers
> are greatly appreciated!
>
>
> With kind regards,
> Patrick
>
>
> *_______________________________________________*
> Flask mailing list
> Flask at python.org
> https://mail.python.org/mailman/listinfo/flask
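Added example, not part of the thread and not code from any of its authors: one way to do step e) without copying the login cookie or forwarding credentials. It loosely follows the short-lived, single-use ticket idea used by SSO systems such as CAS, simplified so that the receiving app checks an HMAC with a shared key instead of calling back to the login server. `SHARED_KEY`, `issue_ticket`, `redeem_ticket` and the audience string are assumptions made for the illustration.

```python
import base64, hashlib, hmac, json, secrets, time

# Assumption: both apps load this key from shared secret storage; constructed value.
SHARED_KEY = b"constructed-demo-key-not-for-production"
TICKET_TTL = 30  # seconds; the ticket only has to survive one redirect

def _b64(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _sign(body: str) -> str:
    return _b64(hmac.new(SHARED_KEY, body.encode(), hashlib.sha256).digest())

def issue_ticket(username, audience, now=None):
    """Login app: call after flask-login succeeds; send the result in the redirect."""
    now = time.time() if now is None else now
    claims = {"sub": username, "aud": audience,
              "exp": now + TICKET_TTL, "jti": secrets.token_urlsafe(16)}
    body = _b64(json.dumps(claims, sort_keys=True).encode())
    return body + "." + _sign(body)

_used = set()  # per-process replay cache; use a shared store with several workers

def redeem_ticket(ticket, audience, now=None):
    """Receiving app: return the username, or None if the ticket must be rejected."""
    now = time.time() if now is None else now
    try:
        body, sig = ticket.split(".")
        if not hmac.compare_digest(sig, _sign(body)):  # forged or altered
            return None
        claims = json.loads(_unb64(body))
    except (ValueError, TypeError, AttributeError):
        return None
    if claims.get("aud") != audience:   # issued for a different application
        return None
    if now >= claims.get("exp", 0):     # expired
        return None
    if claims.get("jti") in _used:      # already redeemed once
        return None
    _used.add(claims["jti"])
    return claims.get("sub")
```

After `redeem_ticket` returns a username, the receiving app calls its own flask-login `login_user` and sets its own session cookie, so no cookie or password ever crosses between applications. The ticket travels in the redirect URL, so both apps should be served over HTTPS.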