Flask API Authentication with OAuth 2.0 and JWT

In modern web development, securing APIs is a critical part of the architecture. When building APIs with Flask, implementing robust authentication is essential to prevent unauthorized access and protect user data. One of the most effective and widely used strategies is combining OAuth 2.0 with JSON Web Tokens (JWT). This blog will guide you through the basic concept and implementation of OAuth 2.0 and JWT for securing a Flask API.


🔐 What is OAuth 2.0?

OAuth 2.0 is an open standard for access delegation commonly used as a way to grant websites or applications limited access to user information without exposing credentials. It allows a third-party application to obtain limited access to an HTTP service, either on behalf of a resource owner or by allowing the third-party application to obtain access on its own behalf.

For example, logging in with Google or GitHub uses OAuth 2.0 behind the scenes.


🔒 What is JWT?

JSON Web Tokens (JWT) are a compact and self-contained way of securely transmitting information between parties as a JSON object. The token is digitally signed using a secret key (HMAC) or a public/private key pair (RSA or ECDSA).

A JWT typically consists of three parts:

  • Header – Contains the type of token and the signing algorithm used.
  • Payload – Contains the claims (user data such as an id, plus timing claims like exp).
  • Signature – Computed over the header and payload with the key, so the recipient can verify who issued the token and that neither part was altered.


🔧 Implementing OAuth 2.0 + JWT in Flask

Here’s how you can use OAuth 2.0 for authentication and then issue a JWT for protected API access.

1. Set Up Flask and Required Libraries

Install the necessary libraries:

bash

pip install Flask Authlib PyJWT

Import them in your app:


python

from flask import Flask, request, jsonify
import jwt
import datetime

app = Flask(__name__)  # the Authlib registration and routes below need this app object


2. User Logs In via OAuth Provider

Use flask-dance or Authlib to integrate with an OAuth provider like Google. Once the OAuth flow is complete, you'll get an access token and user info.

Example with Google OAuth (using Authlib):

python

from authlib.integrations.flask_client import OAuth

oauth = OAuth(app)
google = oauth.register(
    name='google',
    ...
)

Once the user logs in and your app receives the user profile, you can generate a JWT token for session management.


3. Generate JWT After Successful Login

python

@app.route('/login/callback')
def callback():
    # Placeholder from the post: the profile returned by the OAuth provider
    user_info = get_user_info_somehow()
    token = jwt.encode({
        'user_id': user_info['id'],
        'exp': datetime.datetime.now(datetime.timezone.utc) + datetime.timedelta(hours=1)
    }, 'SECRET_KEY', algorithm='HS256')  # load the key from app.config in a real app, not a literal
    return jsonify({'token': token})


4. Protect Your Flask Routes with JWT

Use a decorator to validate the token:


python

from functools import wraps

def token_required(f):
    @wraps(f)
    def decorated(*args, **kwargs):
        token = request.headers.get('Authorization')
        if not token:
            return jsonify({'message': 'Token is missing!'}), 403
        try:
            # Header is expected as "Bearer <token>"; pinning algorithms=['HS256']
            # means the token's own "alg" field cannot choose how it is verified
            data = jwt.decode(token.split(" ")[1], 'SECRET_KEY', algorithms=['HS256'])
        except (IndexError, jwt.exceptions.PyJWTError):
            # IndexError: no "Bearer <token>" shape; PyJWTError: bad signature, expired, malformed
            return jsonify({'message': 'Token is invalid or expired!'}), 403
        # data holds the verified claims; pass them on if the view needs them
        return f(*args, **kwargs)
    return decorated

Use it on your route:

python

@app.route('/dashboard')
@token_required
def dashboard():
    return jsonify({'message': 'Welcome to the secure dashboard!'})
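As an added example (not code from the post, and not PyJWT's own implementation), the block below builds and verifies an HS256 token with only the standard library, so the header/payload/signature structure from the JWT section and the checks that `jwt.decode` performs inside `token_required` are visible step by step. The secret, the claims and the injectable `now` are constructed for illustration.

```python
import base64, hashlib, hmac, json, time

def _b64url(data):
    # base64url without padding, as JWS requires
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _b64url_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def encode_hs256(claims, secret):
    # header.payload.signature; the HMAC covers the first two encoded parts verbatim
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}, separators=(",", ":")).encode())
    payload = _b64url(json.dumps(claims, separators=(",", ":")).encode())
    signature = hmac.new(secret, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url(signature)}"

def decode_hs256(token, secret, now=None):
    # Verifier-side checks: structure, pinned algorithm, constant-time signature
    # comparison, then a required 'exp' claim. 'now' is injectable for testing.
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        header = json.loads(_b64url_decode(header_b64))
        signature = _b64url_decode(sig_b64)
    except (ValueError, TypeError):  # wrong part count, bad base64, bad JSON
        raise ValueError("malformed token")
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected alg")  # the token never chooses the algorithm
    expected = hmac.new(secret, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, signature):
        raise ValueError("bad signature")
    claims = json.loads(_b64url_decode(payload_b64))
    current = time.time() if now is None else now
    exp = claims.get("exp") if isinstance(claims, dict) else None
    if not isinstance(exp, (int, float)) or current >= exp:
        raise ValueError("missing or past exp")
    return claims

def authorize(authorization_header, secret, now=None):
    # The decisions token_required makes, without Flask: missing header, wrong
    # scheme, and any verification failure map to the post's two 403 responses.
    if not authorization_header:
        return 403, "Token is missing!"
    parts = authorization_header.split(" ")
    if len(parts) != 2 or parts[0] != "Bearer":
        return 403, "Token is invalid or expired!"
    try:
        return 200, decode_hs256(parts[1], secret, now)
    except ValueError:
        return 403, "Token is invalid or expired!"
```

Swapping the header for one that claims `"alg": "none"` or signing with a different secret both end in the same 403, which is exactly why the decorator passes an explicit `algorithms` list to `jwt.decode`.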


✅ Conclusion

Combining OAuth 2.0 and JWT provides a powerful authentication and authorization mechanism for Flask APIs. OAuth 2.0 handles the identity verification via a trusted third-party provider, while JWT allows your backend to manage secure sessions without maintaining server-side state.

With this setup, your Flask API is much more secure, scalable, and ready for integration with modern front-end applications and microservices.
