Flask-Security allows you to quickly add common security mechanisms to your Flask application. They include:

  1. Session based authentication
  2. Role management
  3. Password encryption
  4. Basic HTTP authentication
  5. Token based authentication
  6. Token based account activation (optional)
  7. Token based password recovery / resetting (optional)
  8. User registration (optional)
  9. Login tracking (optional)
  10. JSON/Ajax Support

Many of these features are made possible by integrating various Flask extensions and libraries. They include:

  1. Flask-Login
  2. Flask-Mail
  3. Flask-Principal
  4. Flask-Script
  5. Flask-WTF
  6. itsdangerous
  7. passlib

Additionally, it assumes you’ll be using a common library for your database connections and model definitions. Flask-Security supports the following Flask extensions out of the box for data persistence:

  1. Flask-SQLAlchemy
  2. Flask-MongoEngine
  3. Flask-Peewee


Flask-Security is an opinionated Flask extension which adds basic security and authentication features to your Flask apps quickly and easily. Flask-Social can also be used to add "social" or OAuth login and connection management.

Useful Links

This Page