Welcome to Flask-Security
*************************

[image: Flask-Security: add a drop of security to your Flask
application.][image]

Flask-Security allows you to quickly add common security mechanisms to
your Flask application. They include:

1. Session based authentication

2. Role and Permission management

3. Password hashing

4. Basic HTTP authentication

5. Token based authentication

6. Token based account activation (optional)

7. Token based password recovery / resetting (optional)

8. Two-factor authentication (optional)

9. Unified sign in (optional)

10. User registration (optional)

11. Login tracking (optional)

12. JSON/Ajax Support

Many of these features are made possible by integrating various Flask
extensions and libraries. They include:

* Flask-Login

* Flask-Mail

* Flask-Principal

* Flask-WTF

* itsdangerous

* passlib

* PyQRCode

Additionally, it assumes you'll be using a common library for your
database connections and model definitions. Flask-Security supports
the following Flask extensions out of the box for data persistence:

1. Flask-SQLAlchemy

2. Flask-MongoEngine

3. Peewee Flask utils

4. PonyORM - NOTE: not currently supported.

5. SQLAlchemy sessions


Getting Started
===============

* Installation

* Quick Start

  * Basic SQLAlchemy Application

  * Basic SQLAlchemy Application with session

  * Basic MongoEngine Application

  * Basic Peewee Application

  * Mail Configuration

  * Proxy Configuration

  * Unit Testing Your Application

* Features

  * Session Based Authentication

  * Role/Identity Based Access

  * Password Hashing

  * Password Validation and Complexity

  * Basic HTTP Authentication

  * Token Authentication

  * Two-factor Authentication

  * Unified Sign In

  * Email Confirmation

  * Password Reset/Recovery

  * User Registration

  * Password Change

  * Login Tracking

  * JSON/Ajax Support

  * Command Line Interface

* Configuration

  * Core

  * Core - Multi-factor

  * Core - rarely need changing

  * Login/Logout

  * Registerable

  * Confirmable

  * Changeable

  * Recoverable

  * Two-Factor

  * Unified Signin

  * Passwordless

  * Trackable

  * Feature Flags

  * URLs and Views

  * Template Paths

  * Messages

* Models

  * Additional Functionality


Customizing and Usage Patterns
==============================

* Customizing

  * Views

  * Forms

  * Localization

  * Emails

  * Responses

  * Authorization with OAuth2

* Two-factor Configurations

  * Basic SQLAlchemy Two-Factor Application

  * Adding SMS

  * Theory of Operation

  * Validity

* Working with Single Page Applications

  * Configuration

  * Security Considerations

  * Nginx

  * Amazon lambda gateway / Serverless

* Security Patterns

  * Authentication and Authorization

  * Password Validation and Complexity

  * CSRF


API
===

* API

  * Core

  * Protecting Views

  * User Object Helpers

  * Datastores

  * Utils

  * Signals


Additional Notes
================

* Contributing

  * Checklist

  * Getting the code

  * Updating the Swagger API document

  * Updating Translations

  * Testing

* Flask-Security Changelog

  * Version 4.1.5

  * Version 4.1.4

  * Version 4.1.3

  * Version 4.1.2

  * Version 4.1.1

  * Version 4.1.0

  * Version 4.0.1

  * Version 4.0.0

  * Version 4.0.0rc2

  * Version 3.4.5

  * Version 3.4.4

  * Version 3.4.3

  * Version 3.4.2

  * Version 3.4.1

  * Version 3.4.0

  * Version 3.3.3

  * Version 3.3.2

  * Version 3.3.1

  * Version 3.3.0

  * Version 3.2.0

  * Version 3.1.0

  * Version 3.0.2

  * Version 3.0.1

  * Version 3.0.0

  * Version 1.7.5

  * Version 1.7.4

  * Version 1.7.3

  * Version 1.7.2

  * Version 1.7.1

  * Version 1.7.0

  * Version 1.6.9

  * Version 1.6.8

  * Version 1.6.7

  * Version 1.6.6

  * Version 1.6.5

  * Version 1.6.4

  * Version 1.6.3

  * Version 1.6.2

  * Version 1.6.1

  * Version 1.6.0

  * Version 1.5.4

  * Version 1.5.3

  * Version 1.5.2

  * Version 1.5.1

  * Version 1.5.0

  * Version 1.2.3

  * Version 1.2.2

  * Version 1.2.1

  * Version 1.2.0

  * Version 1.1.0

* Development Lead

* Maintainer

* Patches and Suggestions
