flask-login VS flask-wtf

Are this modules good? https://github.com/flask-admin/flask-admin and https://github.com/maxcountryman/flask-login

flask-login: Provides access to the current username

I use Flask-login and implement role based authentication using decorators.

Flask-Login has a closed Issue #19 on GitHub but it actually doesn't answer my question :-/

You can try to look here https://github.com/maxcountryman/flask-login/blob/main/test_login.py

The example code provided by flask-login does it this way, but this only works because it's pulling the User objects from a global hard-coded dictionary, not as in a real-world scenario like a database, where the DB must be checked and User objects created after the user enters their login credentials. And I can't seem to find any other example code that illustrates using a database with flask-login.

What u/MikeDoesDo said. `flask-login` is rather built for the traditional approach to login and user management. It doesn't have a concept of auth tokens or JWT. It uses traditional cookies. The code that actually sets the cookie for the session isn't robust for a production app. Secure tokens have to be signed with robust keys. In addition to strong tokens, you also need measures that prevent brute-force attacks. Third party systems like auth0 bring all of this and more. Besides, with these systems you delegate the login process to the UI and the backend simply needs to verify incoming tokens. The crucial part is that you verify the token contents (audience and such) and the signature. For a production app with sensitive data and money behind it, don't settle for anything less than this.

https://github.com/maxcountryman/flask-login/blob/c77ba6b12ef5e3045df054cf8bf2d61c4d83f54f/flask_login/mixins.py#L35-L39

Then I get the validation error even if the fields have proper values. I am not able to find anything relevant via Google search that's why I here for help.. Now I want to add validation to the JSON fields and I came to about the Flask-WTF package by doing some googling.

As said in a comment bellow by u/dsaw12, flask-wtf does it all for you. You can read through the source code here. To answer your question, flask-wtf does it for you in this code block. Even if the form was just created there is also code to check if the request give was a POST, PUT, PATCH, or DELETE; after which it then checks if the form was submitted through an _is_submitted() method with in your form class.