Do you need Access Control?

You can easily mix Flask Simple Login withFlask-Allows:

$ pip install flask_allows

And then:

from flask import Flask, g
from flask_simplelogin import SimpleLogin
from flask_allows import Allows

app = Flask(__name__)
app.config['SECRET_KEY'] = 'something-secret'

def is_staff(ident, request):
    return ident.permlevel == 'staff'

def only_chuck_norris_can_login(user):
    if user.get('username') == 'chuck' and user.get('password') == 'norris':
       # Bind the logged in user data to the `g` global object
       g.user.username = user['username']
       g.user.permlevel = 'staff'  # set user permission level
       return True  # Allowed
    return False  # Denied

# init allows
allows = Allows(identity_loader=lambda: g.user)

# init SimpleLogin
SimpleLogin(app, login_checker=only_chuck_norris_can_login)

# a view which requires a logged in user to be member of the staff group
def a_view():
    return "staff only can see this"

Need JSON Web Token (JWT) support?

Take a look at Flask-JWT-Simple and of course you can mix it with Flask Simple Login.


Those extensions are really complete and production ready!