-
InfluxDB
Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.
What u/MikeDoesDo said. `flask-login` is rather built for the traditional approach to login and user management. It doesn't have a concept of auth tokens or JWT. It uses traditional cookies. The code that actually sets the cookie for the session isn't robust for a production app. Secure tokens have to be signed with robust keys. In addition to strong tokens, you also need measures that prevent brute-force attacks. Third party systems like auth0 bring all of this and more. Besides, with these systems you delegate the login process to the UI and the backend simply needs to verify incoming tokens. The crucial part is that you verify the token contents (audience and such) and the signature. For a production app with sensitive data and money behind it, don't settle for anything less than this.
Related posts
-
Some questions about security when using flask
-
Flask-Principal, Flask-Login, remember_me and identity_loaded
-
Tested flask-login based API successfully with Postman. But local React client doesn't use the Set-Cookie returned ?
-
How to implement user_loader callback in Flask-Login
-
python3-saml and flask-login