librelist archives

« back to archive

Flask-Login make_secure_token Question

Flask-Login make_secure_token Question

From:
D Owlf
Date:
2013-09-22 @ 18:53
Hello,

I have been trying to learn to use the Flask-Login extension. I was trying
to setup alternative tokens. Inside my get_auth_token method I use the
make_secure_token function provieded by the extension by passing my salted
password and user id as suggested. It then says to implement a token_loader
that takes a token and returns the desired user object, or None if it isn't
found.

My question is about how to find the appropriate user object from the
token. I have read through the docs for Flask-Login, but I sure don't see
anything about a function for decrypting the token. In searching I have
found a couple examples that use itsdangerous to encrypt and decrypt the
token, but I just wondered if anyone had a good idea bout using the
make_secure_token provided by the extension?

I thought about storing the token in the database, and looking up the user
based on that, which will work, but it seems that you should be able to
decrypt the token and then look the user up based on the newly acquired id,
without having to store the token in the db.

Thanks,

D