Explaining how OAuth works with Spotify as an example

Nikita Kholin on January 24, 2019

Have you ever wondered what OAuth is, how it works, and why any more or less popular website implements it? In this article, we'll explore those qu...
 
Hsiaoming Yang

Hi Nikita, thanks for your post.

Since you are using Flask as an example and the library you mentioned in "Don't invent a bicycle" is a Django app library, I would like to add a Flask wheel here.

github.com/lepture/authlib

The documentation for the Flask integration is docs.authlib.org/en/latest/client/...

Nikita Kholin

Awesome!
Thanks for the library, I didn't know about it. I'll be sure to check it out.

Hsiaoming Yang

Actually, before Authlib, there were Flask-OAuth and Flask-OAuthlib. But both of them are deprecated now.

temmyraharjo

Because what I think is that when we put scope in OAuth, it means that every time we define scopes: create_user, read_user, update_user, delete_user (let's say we have a big module), we need to retrieve from OAuth to process all that information, which is not efficient.

I always think that OAuth only needs to be used for getting the token and refresh token, while the security role is defined in the application itself to process the business logi..

temmyraharjo

Great article. But I am curious: is the Scope the same as a Security role? If they are the same, which do you prefer: putting all the sec-roles in OAuth, or building them yourself in the application?