Configuration¶
The following configuration values are used by Flask-Identity.
Core¶
These configuration are used globally across all features and should be configurated in application.
- SECRET_KEY¶
This is actually part of Flask - but is used by Flask-Identity to sign all tokens. It is critical this is set to a strong value.
For python3 consider using:
secrets.token_urlsafe()
- UNAUTHORIZED_VIEW¶
Specifies the view to redirect to if a user attempts to access a URL/endpoint that they do not have permission to access. If this value is
None, the user is presented with a default HTTP 403 response.Default:
None.
- POST_LOGIN_VIEW¶
Specifies the default view to redirect to after a user logs in. This value can be set to a URL or an endpoint name.
Default:
'/'.
- POST_LOGOUT_VIEW¶
Specifies the default view to redirect to after a user logs out. This value can be set to a URL or an endpoint name.
Default:
'/'.
- IDENTITY_FIELD¶
The identity field used to lookup user from
DataStore. The field must defined inUserMixinbased user class.Default:
'username'.
- IDENTITY_TOKEN_NAME¶
The name used to store user token in request & session.
Default:
'token'.
- REMEMBER_ME¶
Specifies whether should remember user when logging in.
Default:
False.
- NEXT_STORE¶
The page the user is attempting to access is stored in the session or a url parameter when redirecting to the login view. This can be either
'session'(the default) or'request'.Default:
'request'.
- NEXT_KEY¶
The key to store the source url when redirecting to the The key will be used as url parameter in request or key in session.
Default:
'_next'.
- HASH_SALT¶
Specifies the HMAC salt. This is required for all schemes that are configured for double hashing. A good salt can be generated using:
secrets.SystemRandom().getrandbits(128).If this value is
None(the default), then will useSECRET_KEYas salt to encrypt hash.Strongly recommend set it to a different value for more security.
Defaults to
None.
- TOKEN_SALT¶
The salt used to encrypt session, request or cookie token. If this value is
None(the default), then will useSECRET_KEYas salt to encrypt token.Strongly recommend set it to a different value for more security.
Default:
None.
- TOKEN_DURATION¶
The default time before the token expires. It’s also used as the duration for “remember me” cookie.
Default:
365 days.
- DATASTORE_ADAPTER¶
The custom identity data store to use. This can be either
'pony' | 'sqlalchemy' | 'mongoengine', or a custom class implement fromIdentityStoreandStore.Default:
None.
Form¶
These configuration are used with build-in form to login in a user.
- FORM_REMEBER_FIELD¶
The form field used to mark whether enable “remember me”.
Default:
'remember'.
- FORM_NEXT_FIELD¶
The form field used to store the url parameter when redirecting to the login view.
Default:
'next'.
Session¶
These configuration are used with session.
- SESSION_PROTECTION¶
The mode to use session protection in. This can be either
'basic'(the default) or'strong', orNoneto disable it.Default:
'basic'.
- SESSION_FRESH_KEY¶
The key to store “fresh” stats in session.
Default:
'_fresh'.
- SESSION_ID_KEY¶
The key to store session identity in session.
Default:
'_sid'.
Request¶
These configuration are used with request.
- REQUEST_TOKEN_AUTHENTICATION_HEADER¶
The key to pass the token in HTTP request header.
Default:
'X-Identity-Auth'.
- REQUEST_TOKEN_AUTHENTICATION_ARG¶
The parameter key to pass the token in HTTP request url.
Default:
'iauth'.
Blueprint¶
These configuration are used with build-in flask blueprint.
- BLUEPRINT_ENABLED¶
Specifies whether use build-in blueprint for user login and logout.
Default:
True.
- BLUEPRINT_NAME¶
Specifies the name for the build-in blueprint.
Default:
'identity'.
- BLUEPRINT_URL_PREFIX¶
Specifies the url prefix for the build-in blueprint.
Default:
'/identity'.
- BLUEPRINT_SUBDOMAIN¶
Specifies the sub domain for the build-in blueprint.
Default:
None.
- BLUEPRINT_TEMPLATE_FOLDER¶
Specifies the templates folder for the build-in blueprint.
Default:
'templates'.
- BLUEPRINT_LOGIN_URL¶
Specifies the “login” url for the build-in blueprint.
Default:
'/login'.
- BLUEPRINT_LOGIN_METHODS¶
Specifies the http method for the “login” url of the build-in blueprint.
Default:
['GET', 'POST'].
- BLUEPRINT_LOGIN_USER_TEMPLATE¶
Specifies the template name for the “login” of the build-in blueprint.
Default:
'user_login.html'.
- BLUEPRINT_LOGOUT_URL¶
Specifies the “logout” url for the build-in blueprint.
Default:
'/logout'.
- BLUEPRINT_LOGOUT_METHODS¶
Specifies the http method for the “logout” url of the build-in blueprint.
Default:
['GET', 'POST'].
Misc¶
These configuration are rarely need change.
- HASH_SCHEMES¶
List of accepted password hashes. See Passlib CryptContext docs on Constructor Keyword ‘schemes’
- Example:
['bcrypt', 'argon2']: Will create new hashes with ‘bcrypt’ and verifies existing hashes with ‘bcrypt’ and ‘argon2’.
Default:
["bcrypt", "argon2", "des_crypt", "pbkdf2_sha256", "pbkdf2_sha512", "sha256_crypt", "sha512_crypt", "plaintext"].- Example:
- HASH_OPTIONS¶
Dictionary of CryptContext keywords and hash options. See Passlib CryptContext docs on Constructor Keywords and Passlib CryptContext docs on Algorithm Options
Default:
dict().
- EXEMPT_METHODS¶
A set of HTTP methods which are exempt from login_required.
Default:
'OPTIONS'.
Message¶
These configuration are used in i8n response messages.
- I18N_DOMAIN¶
Specifies the name for domain used for translations.
Default:
'flask_identity'.
- I18N_DIRNAME¶
Specifies the directory containing the MO files used for translations.
Default: [PATH_LIB]/flask_identity/translations`.