-1

I'm struggeling with an stateless Flask Application. Normally I use flask-login to handle all the user management. But now I need to do this stateless cause the application should run on cloud run. So it has to be stateless.

My included RestAPI works perfectly (I use tokens there). But how could I handle the stateless part on the frontend? How could I get the Userinformation in the request? At a stateless server I can't use the clientsession cause I could not verify it in a request? Also I could not use my lovely current_user variable :(

Any help?

Pascal

Pascal
  • 1

1 Answers1

0

There are several types of authentication and Flask-Login uses one called session authentication if you want to make your app stateless you should use token authentication like OAuth2 or JWT. Have a look at Flask-JWT, Flask-JWT-Extended and Flask-OAuthLib.

But this doesn't mean that you have to refactor your application you can just enable the sticky session feature from your cloud provider load balancer.

Have a look at the following documentation for doing that on AWS: https://docs.aws.amazon.com/elasticloadbalancing/latest/application/sticky-sessions.html

Gil Sousa
  • 769
  • 5
  • 12
  • Sticky Sessions are not possible on googles cloud run. So I have to use one of the other Libraries. Is it possible to use Flask-JWT-Extended to handle also the stuff I do with Flask-Login? Like using `current_user` in my template directly? It seems like I have to implement that awesome stuff like `login_view` or `login_message` by myself? – Pascal Mar 16 '21 at 09:15
  • I tried to implement `Flask-JWT-Extended` into my Project. But now I have problems to handle my redirects. I add an header with `['X-JWT-TOKEN'` to the redirect. But it sends me allways an `"msg": "Missing Authorization Header"` if i go to an protected site – Pascal Mar 16 '21 at 10:27