Quickly add security features to your Flask application.
As of 7/30/2024, the independent fork Flask-Security-Too replaced the archived Flask-Security repo (now called Flask-Security-3.0). This repo is published on PyPI as both Flask-Security and Flask-Security-Too. Please consider changing your requirements file to point to flask-security.
Flask-Security-Too was a fork from the 3.0.0 version of the Original
This project is part of the Pallets Community Ecosystem. Pallets is the open source organization that maintains Flask; Pallets-Eco enables community maintenance of related projects. If you are interested in helping maintain this project, please reach out on the Pallets Discord server <https://discord.gg/pallets>.
- Use OWASP to guide best practice and default configurations.
- Be more opinionated and 'batteries' included by reducing reliance on abandoned projects and bundling in support for common use cases.
- Follow the Pallets lead on supported versions, documentation standards and any other guidelines for extensions that they come up with.
- Continue to add newer authentication/authorization standards:
  - 'Social Auth' integrated (using authlib) (5.1)
  - WebAuthn support (5.0)
  - Two-Factor recovery codes (5.0)
  - First-class support for username as identity (4.1)
  - Support for freshness decorator to ensure sensitive operations have new authentication (4.0)
  - Support for email normalization and validation (4.0)
  - Unified signin (username, phone, passwordless) feature (3.4)
Issues and pull requests are welcome. Other maintainers are also welcome. Please consult these contributing guidelines.
Install and update using pip:
pip install -U Flask-Security