Mastering Flask Web Development - Second Edition

By: Daniel Gaspar, Jack Stouffer

Overview of this book

Flask is a popular Python framework known for its lightweight and modular design. Mastering Flask Web Development will take you on a complete tour of the Flask environment and teach you how to build a production-ready application. You'll begin by learning about the installation of Flask and basic concepts such as MVC and accessing a database using an ORM. You will learn how to structure your application so that it can scale to any size with the help of Flask Blueprints. You'll then learn how to use Jinja2 templates with a high level of expertise. You will also learn how to develop with SQL or NoSQL databases, and how to develop REST APIs and JWT authentication. Next, you'll move on to build role-based access security and authentication using LDAP, OAuth, OpenID, and database. You will also learn how to create asynchronous tasks that can scale to any load using Celery and RabbitMQ or Redis. You will also be introduced to a wide range of Flask extensions to leverage technologies such as cache, localization, and debugging. You will learn how to build your own Flask extensions, how to write tests, and how to get test coverage reports. Finally, you will learn how to deploy your application on Heroku and AWS using various technologies, such as Docker, CloudFormation, and Elastic Beanstalk, and will also learn how to develop Jenkins pipelines to build, test, and deploy applications.

JWT authentication

To solve our authentication problems, Flask-Login could be used and the cookie data from the login could be checked. However, this would require developers who wish to use our API to have their program log in through the web interface. We could also have developers send their login data with every request, but it's a good design practice to only send sensitive information when absolutely necessary. Instead, our API will provide an auth/api endpoint that allows them to send login credentials and get an access token back.

For the authentication mechanism, we are going to use JSON Web Token (JWT) to create access tokens for the consumers of our API upon login. A JWT token asserts which user is logged in, thereby saving the server another call to the database for authentication. This token has an expiration date encoded inside it that will not allow the token...
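The sketch below is an added example, not code from the book: it builds and checks an HS256 JWT with only the Python standard library to show how the token can assert the logged-in user and carry its own expiry without a database lookup. The secret, the function names and the `sub`/`iat`/`exp` claim layout are assumptions made for the illustration.

```python
import base64, hashlib, hmac, json, time

SECRET = b"constructed-demo-secret"  # constructed value; load from app config in practice

def b64e(raw: bytes) -> str:
    # JWTs use URL-safe base64 with the '=' padding stripped
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def b64d(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def issue_token(username, ttl=900, now=None):
    """Return an HS256 JWT asserting `username`, valid for `ttl` seconds."""
    now = int(time.time() if now is None else now)
    header = b64e(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    claims = {"sub": username, "iat": now, "exp": now + ttl}
    payload = b64e(json.dumps(claims).encode())
    sig = hmac.new(SECRET, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{b64e(sig)}"

def verify_token(token, now=None):
    """Return the username the token asserts, or None if it must be rejected."""
    now = int(time.time() if now is None else now)
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        # Pin the algorithm on the server; never let the token pick it ("none").
        if json.loads(b64d(header_b64)).get("alg") != "HS256":
            return None
        signed = f"{header_b64}.{payload_b64}".encode()
        expected = hmac.new(SECRET, signed, hashlib.sha256).digest()
        # Constant-time comparison, done before any claim is trusted
        if not hmac.compare_digest(expected, b64d(sig_b64)):
            return None
        claims = json.loads(b64d(payload_b64))
        # A token without a usable expiry is treated as expired
        if not isinstance(claims.get("exp"), int) or now >= claims["exp"]:
            return None
        return claims.get("sub")
    except (ValueError, TypeError, AttributeError):
        return None  # malformed token: wrong part count, bad base64 or bad JSON
```

The payload is only base64-encoded, not encrypted, so anything placed in the claims is readable by whoever holds the token.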