This extension adds the ability to authorize requests to your Flask endpoints via IndieAuth, using current_app.config['TOKEN_ENDPOINT'] as the token server.

This is useful for developers of Micropub server implementations.

current_app.config should contain the following configuration details:

TOKEN_ENDPOINT

(e.g. "https://tokens.indieauth.com/token")

ME

(e.g. "http://example.com")

Example Usage:

from flask_indieauth import requires_indieauth
@app.route('/micropub', methods=['GET','POST'])
@requires_indieauth
def handle_micropub():
    ...

When a Flask route is wrapped in @requires_indieauth, this extension will look for an IndieAuth bearer token in these locations in order:

• HTTP header Authorization: Bearer xxx...
• HTTP form data in the parameter access_token
• HTTP POST body, if in JSON format, in the access_token attribute

If an access token is found, it is checked for a me value equal to the domain in current_app.config["ME"] and a scope value of post.

If all checks pass, processing is passed to the Flask route handler.

Upon successful authentication/authorization, Flask-IndieAuth will store a user dict in Flask.g with the following attributes:

me

the homepage that the user logged in as

scope

the authorization scope of this token

client_id

typically the homepage for the micropub client

access_token

the raw access token

Example Usage:

from flask import g, current_app

from flask_indieauth import requires_indieauth
@app.route('/micropub', methods=['GET','POST'])
@requires_indieauth
def handle_micropub():
    user = g.user
    current_app.logger.info("Request from %s" % user["me"])