## Flask auth options for ADAPTS
Two-factor authentication should be implemented alongside whichever primary sign-in method is chosen.
Something like [this](https://blog.miguelgrinberg.com/post/two-factor-authentication-with-flask)
### OAuth2 (SSO)
Requires a few things:
- A trusted OAuth2 server
  - This could be a hassle and a vector of attack
  - If we wanted to roll our own, this is a [good starting point](https://github.com/authlib/example-oauth2-server)
- On the app server, it would be something like this: https://pythonhosted.org/Flask-OAuth/
Pros:
- Nice because you can define scopes, which allows for easy resource management.
- Battle-tested
- Can be dockerized
Cons:
- External authorization server (attack vector)
- Source of weird network bugs
- Distributed logs (need for log aggregation)
I think you could run the OAuth2 server on the same host, maybe on a VLAN or something similar. More on that [here](https://stackoverflow.com/questions/38083621/oauth-2-0-with-a-single-server)
### Username/Password combo
Use [Flask-Login](https://flask-login.readthedocs.io/en/latest/#flask-login) as a starting point.
Subclass its user model to build out authentication.
Pros:
- Simple to implement
- Lots of documentation around it with Flask
- Localization support out of the box
Cons:
- None, as long as 2FA is implemented or strict policies around session management are in place
Both of the methods above support the SQLAlchemy ORM; however, the more critical auth queries should be written as raw queries.
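As a worked example of the two points above, the user model you build the auth on and the hand-written query for the sensitive path, here is a minimal credential check over a users table: salted PBKDF2-HMAC-SHA256 password hashes and a raw SQL lookup with bound parameters. "Raw" in this sense means SQL you wrote yourself but still parameterized through the driver, never string-built. This is example code added to the note, not code from the gist, from Flask-Login or from ADAPTS; the schema, column names, iteration count (OWASP's current PBKDF2-SHA256 figure) and sample user are constructed for it, and the in-memory SQLite connection stands in for whatever database the app uses. Wiring the returned id into a Flask-Login user class is left out so the block runs with the standard library alone.

```python
import hashlib
import hmac
import os
import sqlite3

# Iteration count per the OWASP Password Storage Cheat Sheet for PBKDF2-HMAC-SHA256.
PBKDF2_ITERATIONS = 600_000


def hash_password(password: str, iterations: int = PBKDF2_ITERATIONS) -> str:
    """Salted PBKDF2-HMAC-SHA256, stored as algo$iterations$salt$hash so the
    parameters travel with the record and can be raised later without a migration."""
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"


def verify_password(stored: str, password: str) -> bool:
    """Recompute the hash with the stored parameters and compare in constant time."""
    algo, iterations, salt_hex, dk_hex = stored.split("$")
    if algo != "pbkdf2_sha256":
        return False
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                             bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(dk, bytes.fromhex(dk_hex))


# Hash of a throwaway random value. Verifying against it when the username is
# unknown makes that path cost the same as a wrong password, so response timing
# does not reveal which usernames exist.
_DUMMY_HASH = hash_password(os.urandom(16).hex())


def init_db() -> sqlite3.Connection:
    """Constructed in-memory schema standing in for the application's users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users ("
        " id INTEGER PRIMARY KEY,"
        " username TEXT UNIQUE NOT NULL,"
        " password_hash TEXT NOT NULL,"
        " active INTEGER NOT NULL DEFAULT 1)"
    )
    return conn


def create_user(conn: sqlite3.Connection, username: str, password: str) -> int:
    """Insert a user; the plaintext password never touches the database."""
    cur = conn.execute(
        "INSERT INTO users (username, password_hash) VALUES (?, ?)",
        (username, hash_password(password)),
    )
    conn.commit()
    return cur.lastrowid


def authenticate(conn: sqlite3.Connection, username: str, password: str):
    """Return the user id on success, None otherwise.

    The query is raw SQL but parameterized: the driver binds `username`, so a
    value containing quotes (e.g. o'brien) is matched literally, never parsed as SQL.
    """
    row = conn.execute(
        "SELECT id, password_hash, active FROM users WHERE username = ?",
        (username,),
    ).fetchone()
    if row is None:
        verify_password(_DUMMY_HASH, password)  # equalize timing, then fail
        return None
    user_id, stored, active = row
    ok = verify_password(stored, password)      # always do the hash work first
    if not ok or not active:
        return None
    return user_id


if __name__ == "__main__":
    db = init_db()
    create_user(db, "o'brien", "correct horse battery staple")
    print(authenticate(db, "o'brien", "correct horse battery staple"))  # 1
    print(authenticate(db, "o'brien", "wrong password"))                # None
```

Whatever the ORM does elsewhere, the login path stays this small and readable so it can be audited on its own: one bound-parameter query, one constant-time hash comparison, and the same amount of work whether or not the username exists.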