Configuration¶
The following configuration values are used by Flask-Identity.
Core¶
These configuration are used globally across all features and should be configurated in application.
- SECRET_KEY¶
This is actually part of Flask - but is used by Flask-Identity to sign all tokens. It is critical this is set to a strong value.
For python3 consider using:
secrets.token_urlsafe()
- UNAUTHORIZED_VIEW¶
Specifies the view to redirect to if a user attempts to access a URL/endpoint that they do not have permission to access. If this value is
None
, the user is presented with a default HTTP 403 response.Default:
None
.
- POST_LOGIN_VIEW¶
Specifies the default view to redirect to after a user logs in. This value can be set to a URL or an endpoint name.
Default:
'/'
.
- POST_LOGOUT_VIEW¶
Specifies the default view to redirect to after a user logs out. This value can be set to a URL or an endpoint name.
Default:
'/'
.
- IDENTITY_FIELD¶
The identity field used to lookup user from
DataStore
. The field must defined inUserMixin
based user class.Default:
'username'
.
- IDENTITY_TOKEN_NAME¶
The name used to store user token in request & session.
Default:
'token'
.
- REMEMBER_ME¶
Specifies whether should remember user when logging in.
Default:
False
.
- NEXT_STORE¶
The page the user is attempting to access is stored in the session or a url parameter when redirecting to the login view. This can be either
'session'
(the default) or'request'
.Default:
'request'
.
- NEXT_KEY¶
The key to store the source url when redirecting to the The key will be used as url parameter in request or key in session.
Default:
'_next'
.
- HASH_SALT¶
Specifies the HMAC salt. This is required for all schemes that are configured for double hashing. A good salt can be generated using:
secrets.SystemRandom().getrandbits(128)
.If this value is
None
(the default), then will useSECRET_KEY
as salt to encrypt hash.Strongly recommend set it to a different value for more security.
Defaults to
None
.
- TOKEN_SALT¶
The salt used to encrypt session, request or cookie token. If this value is
None
(the default), then will useSECRET_KEY
as salt to encrypt token.Strongly recommend set it to a different value for more security.
Default:
None
.
- TOKEN_DURATION¶
The default time before the token expires. It’s also used as the duration for “remember me” cookie.
Default:
365 days
.
- DATASTORE_ADAPTER¶
The custom identity data store to use. This can be either
'pony' | 'sqlalchemy' | 'mongoengine'
, or a custom class implement fromIdentityStore
andStore
.Default:
None
.
Form¶
These configuration are used with build-in form to login in a user.
- FORM_REMEBER_FIELD¶
The form field used to mark whether enable “remember me”.
Default:
'remember'
.
- FORM_NEXT_FIELD¶
The form field used to store the url parameter when redirecting to the login view.
Default:
'next'
.
Session¶
These configuration are used with session.
- SESSION_PROTECTION¶
The mode to use session protection in. This can be either
'basic'
(the default) or'strong'
, orNone
to disable it.Default:
'basic'
.
- SESSION_FRESH_KEY¶
The key to store “fresh” stats in session.
Default:
'_fresh'
.
- SESSION_ID_KEY¶
The key to store session identity in session.
Default:
'_sid'
.
Request¶
These configuration are used with request.
- REQUEST_TOKEN_AUTHENTICATION_HEADER¶
The key to pass the token in HTTP request header.
Default:
'X-Identity-Auth'
.
- REQUEST_TOKEN_AUTHENTICATION_ARG¶
The parameter key to pass the token in HTTP request url.
Default:
'iauth'
.
Blueprint¶
These configuration are used with build-in flask blueprint.
- BLUEPRINT_ENABLED¶
Specifies whether use build-in blueprint for user login and logout.
Default:
True
.
- BLUEPRINT_NAME¶
Specifies the name for the build-in blueprint.
Default:
'identity'
.
- BLUEPRINT_URL_PREFIX¶
Specifies the url prefix for the build-in blueprint.
Default:
'/identity'
.
- BLUEPRINT_SUBDOMAIN¶
Specifies the sub domain for the build-in blueprint.
Default:
None
.
- BLUEPRINT_TEMPLATE_FOLDER¶
Specifies the templates folder for the build-in blueprint.
Default:
'templates'
.
- BLUEPRINT_LOGIN_URL¶
Specifies the “login” url for the build-in blueprint.
Default:
'/login'
.
- BLUEPRINT_LOGIN_METHODS¶
Specifies the http method for the “login” url of the build-in blueprint.
Default:
['GET', 'POST']
.
- BLUEPRINT_LOGIN_USER_TEMPLATE¶
Specifies the template name for the “login” of the build-in blueprint.
Default:
'user_login.html'
.
- BLUEPRINT_LOGOUT_URL¶
Specifies the “logout” url for the build-in blueprint.
Default:
'/logout'
.
- BLUEPRINT_LOGOUT_METHODS¶
Specifies the http method for the “logout” url of the build-in blueprint.
Default:
['GET', 'POST']
.
Misc¶
These configuration are rarely need change.
- HASH_SCHEMES¶
List of accepted password hashes. See Passlib CryptContext docs on Constructor Keyword ‘schemes’
- Example:
['bcrypt', 'argon2']
: Will create new hashes with ‘bcrypt’ and verifies existing hashes with ‘bcrypt’ and ‘argon2’.
Default:
["bcrypt", "argon2", "des_crypt", "pbkdf2_sha256", "pbkdf2_sha512", "sha256_crypt", "sha512_crypt", "plaintext"]
.- Example:
- HASH_OPTIONS¶
Dictionary of CryptContext keywords and hash options. See Passlib CryptContext docs on Constructor Keywords and Passlib CryptContext docs on Algorithm Options
Default:
dict()
.
- EXEMPT_METHODS¶
A set of HTTP methods which are exempt from login_required.
Default:
'OPTIONS'
.
Message¶
These configuration are used in i8n response messages.
- I18N_DOMAIN¶
Specifies the name for domain used for translations.
Default:
'flask_identity'
.
- I18N_DIRNAME¶
Specifies the directory containing the MO files used for translations.
Default: [PATH_LIB]/flask_identity/translations`.