Configuring

Simplest way:

from flask import Flask
from flask_simplelogin import SimpleLogin

app = Flask(__name__)
app.config['SECRET_KEY'] = 'something-secret'
app.config['SIMPLELOGIN_USERNAME'] = 'chuck'
app.config['SIMPLELOGIN_PASSWORD'] = 'norris'

SimpleLogin(app)

That works, but is not so clever, let’s use environment variables:

$ export SIMPLELOGIN_USERNAME=chuck
$ export SIMPLELOGIN_PASSWORD=norris

Now Simple Login will read and use them automatically:

from flask import Flask
from flask_simplelogin import SimpleLogin

app = Flask(__name__)
app.config['SECRET_KEY'] = 'something-secret'
SimpleLogin(app)

But what if you have more users and more complex authentication logic?

Using a custom login checker

from flask import Flask
from flask_simplelogin import SimpleLogin

app = Flask(__name__)
app.config['SECRET_KEY'] = 'something-secret'


def only_chuck_norris_can_login(user):
    """:param user: dict {'username': 'foo', 'password': 'bar'}"""
    if user.get('username') == 'chuck' and user.get('password') == 'norris':
       return True  # <--- Allowed
    return False  # <--- Denied


SimpleLogin(app, login_checker=only_chuck_norris_can_login)

Using a custom login, logout or home URL

Simple Login automatically loads Flask configurations prefixed with SIMPLELOGIN_, thus to set a custom login, logout or home URL:

from flask import Flask
from flask_simplelogin import SimpleLogin

app = Flask(__name__)
app.config['SECRET_KEY'] = 'something-secret'
app.config['SIMPLELOGIN_LOGIN_URL'] = '/signin/'
app.config['SIMPLELOGIN_LOGOUT_URL'] = '/exit/'
app.config['SIMPLELOGIN_HOME_URL'] = '/en/'

SimpleLogin(app)

Protection against open redirects

Flask Simple Login doesn’t allow redirects to external URLs, but it can be configured to do so:

app.config["ALLOWED_HOSTS"] = ["myothersite.com"]

Then it is possible to redirect to an external URL in the next= parameter:

url_for('simplelogin.login', next='http://myothersite.com/')

Encrypting passwords

You can use the from werkzeug.security import check_password_hash, generate_password_hash utilities to encrypt passwords.

A working example is available in manage.py of example app

Registering Custom Logout Callback(s)

You can define multiple custom logout callbacks to be executed after the user logs out using the register_on_logout_callback method:

from flask import Flask
from flask_simplelogin import SimpleLogin

app = Flask(__name__)
app.config['SECRET_KEY'] = 'something-secret'
simple_login = SimpleLogin(app)

def my_post_logout_callback():
    print("User has logged out")

def another_post_logout_callback():
    print("Another action after logout")

simple_login.register_on_logout_callback(my_post_logout_callback)
simple_login.register_on_logout_callback(another_post_logout_callback)

The callbacks will be executed in the order they were registered.