Comments (9)
Sorry, I dropped the ball on this. I have now release 2.7.0, which adds scheme
and realm
arguments to the two auth constructors. Set the scheme to anything other than Basic/Digest to prevent the browser from displaying the login prompt.
from flask-httpauth.
Can you be more explicit about this idea? Are you thinking in using a custom header or something else?
from flask-httpauth.
@miguelgrinberg Talking about this popup:
This stackoverflow question and this blog post provide more details.
I think it's really dirty and ugly hack, but I couldn't find anything better.
from flask-httpauth.
Okay, this is something that is fairly easy to do, I'll look into it. My way of avoiding the login prompt was to return 403 instead of 401. I think this is still a hack, but less than switching status codes.
from flask-httpauth.
I would love to have this.
Where does you define to return a 403 instead of a 401?
from flask-httpauth.
@soda29 In the custom error handler. There you can return one, two or three values, just like you do in a regular Flask view function.
from flask-httpauth.
Yes sorry, i managed to change it from the custom error handler with a make_response as the documentation says.
Thanks Miguel!
from flask-httpauth.
Currently, in order to avoid browser popup, I return 401
without WWW-Authenticate
header, and that does the trick.
Unfortunately, I have to somehow hack HTTPBasicAuth
as follows:
auth = HTTPBasicAuth()
def auth_error_handler():
res = make_response('Invalid credientials')
res.status_code = 401
return res
auth.auth_error_callback = auth_error_handler
But this short-circuits HTTPAuth @error_handler
decorator which I cannot use anymore.
I think it would be much better if HTTPAuth supported a kind of no_authenticate_header
flag or method to avoid this hack.
from flask-httpauth.
Great Miguel, thanks! I was using release 2.6.0.
Now everything is working fine, just using some "Dummy" authentication scheme.
from flask-httpauth.
Related Issues (20)
- Critical security issue when uploading files HOT 2
- How do I make HTTPDigestAuth not use cookies? HOT 2
- Token refresh HOT 1
- Unable to change user and password for authenticate HOT 6
- Digest Auth plain-text passwords HOT 4
- __version__ is gone HOT 4
- Is there any plan to support 'qop' option? HOT 5
- Optional use of @auth.login_required HOT 2
- Custom return response on unauthorized HOT 2
- user/pwd encoding is assumed (hardcoded) to be utf-8 HOT 5
- verify_token custom error based on verification outcome HOT 1
- Customized 401 page HOT 3
- Restrict endpoint to selected auth in MultiAuth HOT 2
- Role based authentication for MultiAuth HOT 2
- Token Auth Example won't run with with itsdangerous > 2.0 HOT 1
- Flask_httpauth installation not working with pip but worked with pip3 HOT 2
- Decorator verify_token not working with changes version werkzeug 2.3.0
- Token is `None` in containerized setup HOT 16
- make setting header configurable HOT 2
- Trailing '==' in a token breaks verify_token() HOT 3
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from flask-httpauth.