Quickstart

Login, restricted routes (bearer-mode)

This is a quick example that demonstrates how to best use Quart-Auth with API clients. It has a route to exchange login information for a bearer token and routes that can only be accessed with a valid bearer token.

from quart import Quart, render_template_string, websocket
from quart_auth import current_user, login_required, QuartAuth

app = Quart(__name__)
app.config["QUART_AUTH_MODE"] = "bearer"
app.secret_key = "secret key"  # Do not use this key

auth_manager = QuartAuth(app)

@app.route("/login")
async def login():
    # Check Credentials here, e.g. username & password.
    ...
    # We'll assume the user has an identifying ID equal to 2
    token = auth_manager.dump_token("2")
    return {"token": token}

@app.route("/")
@login_required
async def restricted_route():
    current_user.auth_id  # Will be "2", the ID passed to dump_token in the login route
    ...

@app.route("/hello")
async def hello():
    return await render_template_string("""
    {% if current_user.is_authenticated %}
      Hello logged in user
    {% else %}
      Hello logged out user
    {% endif %}
    """)

@app.websocket("/ws")
@login_required
async def ws():
    await websocket.send(f"Hello {current_user.auth_id}")
    ...

Note that the client is required to pass the token in an Authorization header with the bearer prefix.

Basic auth

This is a quick example that demonstrates how to best use Quart-Auth with basic API clients or basic web browsers. It has a route restricted by basic authentication, i.e. it can only be accessed by requests that have the correct basic auth credentials.

from quart import Quart
from quart_auth import basic_auth_required, QuartAuth

app = Quart(__name__)
app.config["QUART_AUTH_BASIC_USERNAME"] = "user"
app.config["QUART_AUTH_BASIC_PASSWORD"] = "password"  # Do not use this password
app.secret_key = "secret key"  # Do not use this key

QuartAuth(app)

@app.route("/")
@basic_auth_required
async def restricted_route():
    ...  # Only called if
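
The Authorization header formats that the two modes on this page rely on, as an added example using only the standard library (it is not Quart-Auth's own code): it builds the header a client sends in bearer mode and for basic auth, and shows a server-side check that rejects missing, unprefixed, or malformed values. The function names are hypothetical, and the credentials are the placeholder values used above.

```python
import base64
import binascii
import hmac

# Constructed sample values, matching the placeholders used on this page.
BASIC_USERNAME = "user"
BASIC_PASSWORD = "password"


def bearer_header(token: str) -> dict:
    """Header a client sends in bearer mode: 'Bearer', one space, the token."""
    return {"Authorization": f"Bearer {token}"}


def basic_header(username: str, password: str) -> dict:
    """Header a client sends for basic auth: base64 of 'username:password'."""
    raw = f"{username}:{password}".encode("utf-8")
    return {"Authorization": "Basic " + base64.b64encode(raw).decode("ascii")}


def parse_authorization(headers: dict):
    """Return (scheme, credentials), or None if missing or malformed."""
    value = headers.get("Authorization", "")
    scheme, _, credentials = value.partition(" ")
    credentials = credentials.strip()
    if not scheme or not credentials:
        return None  # no header, or a bare token sent without its prefix
    return scheme.lower(), credentials  # scheme names are case-insensitive


def check_basic(headers: dict) -> bool:
    """True only if the header carries the configured basic credentials."""
    parsed = parse_authorization(headers)
    if parsed is None or parsed[0] != "basic":
        return False
    try:
        decoded = base64.b64decode(parsed[1], validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return False
    # Split on the first colon only: the password may itself contain colons.
    username, sep, password = decoded.partition(":")
    if not sep:
        return False
    # Compare both fields in constant time, without short-circuiting.
    user_ok = hmac.compare_digest(username.encode(), BASIC_USERNAME.encode())
    pass_ok = hmac.compare_digest(password.encode(), BASIC_PASSWORD.encode())
    return user_ok & pass_ok
```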