Python ยท Flask
PyPI versionCI status

Authentication for Flask

A session resolver, a require_auth decorator, and a logout handler for Flask โ€” the context resolves once and caches on flask.g. Validate Authdog sessions on every request, on the same wire as the Node SDKs.

Decorators and flask.g

Everything Flask apps need

A drop-in session resolver, a require_auth decorator, and a typed context cached on flask.g โ€” plain Flask, wire-compatible with the rest of your Authdog stack.

A session on flask.g

authdog.session() resolves the request's session and caches it on flask.g, returning a typed AuthdogContext โ€” token, user, and is_authenticated โ€” from any view.

require_auth decorator

Stack @authdog.require_auth on a view and Flask rejects unauthenticated requests with a 401, returning the user object otherwise. This is the security boundary.

At most one userinfo call

The resolved context is cached on flask.g, so calling session() several times in one request still makes a single outbound userinfo call.

Plain Flask decorators

The bindings are ordinary view decorators โ€” stack them under your route, combine them with blueprints, and keep your app's structure unchanged.

Safe logout handler

authdog.logout() returns a redirect Response that expires the session cookie and redirects to a redirect_uri sanitized against open redirects.

Same wire as Node

It mirrors @authdog/express and @authdog/fastify on the wire, so one Authdog environment serves your Node and Flask services interchangeably.

Gate views with a decorator

Protect a view with require_auth

Stack @authdog.require_auth under your route and Flask rejects unauthenticated requests with a 401 before your view runs. Read the verified user from authdog.session(), resolved once per request.

app.py
# app.py
@app.get("/me")
@authdog.require_auth
def me():
return authdog.session().user

Ship secure Flask apps

Authdog's Flask binding resolves the session and enforces auth at a single decorator, caching the result on flask.g so each request makes at most one userinfo call.

session()

To resolve the session

Call authdog.session() in any view for a typed AuthdogContext โ€” cached on flask.g, no per-request wiring.

require_auth

The single enforcement point

Decorate a view with @authdog.require_auth and unauthenticated requests get a 401 before your view runs.

flask.g

Resolved once per request

The context lives on flask.g for the request, so repeated session() calls never trigger a second userinfo lookup.

Add auth to your Flask app.

pip install 'authdog-fastapi[flask]', add the decorator, and gate your views with require_auth today. Free to start, with secure defaults built in.