Implementing User Authentication in a Python Application

Learn about user authentication, user identity management, and implementing it correctly into a Python application using LoginRadius.
Solomon Esenyi, 2021-07-07

Introduction

Authentication and user identity management are challenging tasks you are bound to run into when building applications. For example, you will need to create profiles for users, validate provided passwords, implement password reset functionality, manage user sessions (sometimes on multiple devices), manage social media authentication, and much more.

You still have to work on other parts of your application, and you might not have a lot of time. Many developers hack their way through authentication, but that can lead to improper implementations. Doing so is not advisable, as it can create doorways for cyber-related attacks in your application.

In this tutorial, you will learn how to properly implement user authentication and identity management in a Flask application.

Here for the code alone? Head over to the implementation section of this article or visit this GitHub gist to browse demo code.

What Is User Authentication?

User authentication is the process of validating a person’s identity to ascertain that they are who they claim to be. Authentication is achievable using passwords, one-time pins (OTP), biometrics, authentication apps, access tokens, certificates, and many more.

What Is User Identity?

User identity is an entity used to identify a user of an application uniquely. Forms of user identifiers include full names, email addresses, system-generated values, and UUIDs.

What Is an Identity Provider?

An identity provider is a system that helps create, maintain, and manage user identity information. It also provides authentication services to external applications to ease their authentication flow and make it seamless.

What Is Authentication in Python?

When referring to authentication in Python, we mean user authentication in web applications built with it. Python is actively used for building web applications, with many supporting frameworks, including but not limited to Flask, Django, FastAPI, Bottle, and Hug.

Every web application built with Python will, at one point or another, need to implement user authentication features. This article covers implementing authentication and properly handling user identity information using LoginRadius and Flask.

Getting Started with LoginRadius

What Is LoginRadius?

LoginRadius is a cloud-based consumer identity and access management (CIAM) platform that allows seamless user authentication and SSO integration into your application. LoginRadius is simple to use, completely secure, and highly customizable.

To proceed with this tutorial, you will need an account with LoginRadius. If you have not created one before now, create one on the LoginRadius website.

Benefits of Using LoginRadius

  • It simplifies user management.
  • It provides unmatched data, user, and account security.
  • It ensures automatic privacy compliance.
  • It integrates seamlessly into your applications.
  • It provides scalable infrastructure.

This section covers setting up the demo application that we will be integrating LoginRadius into in the remaining parts of the tutorial. It also covers LoginRadius integration with the Python and Flask demo application code.

Acquiring LoginRadius API Credentials

Log in to your LoginRadius dashboard, then navigate to the app you want to integrate with Python (LoginRadius will set up a free app for you when you create an account).

LoginRadius Dashboard

Next, head over to the tab on the LoginRadius sidebar (left side of the screen).

LoginRadius Configuration

Your API credentials are located under the section. Once you have retrieved this, copy the , , and and store them somewhere secure and easily retrievable.

LoginRadius API credentials

Whitelisting Your Domains

LoginRadius requires you to whitelist domains you will be integrating with your app. To whitelist a domain, scroll down to the section in the tab of your app dashboard and add it.

Domain Whitelisting

By default, LoginRadius whitelists your local computer (localhost).

Installing LoginRadius Python SDK

We need to install the LoginRadius Python SDK. It provides functionality that allows Python programs to communicate with the LoginRadius APIs.

In the terminal, type:

Setting up Our Flask Server

First, we need to install the Flask framework from PyPI. In the terminal, type:

After that, create a file named and save the following code in it:

When you run the script and open your browser, you will get a response similar to the image below:

Hello World

Initializing the LoginRadius SDK

Update the file with the code below:

Replace the values of the and variables with the LoginRadius application keys we saved earlier.

Setting up User Registration

To register users, you have to redirect them from your application to your LoginRadius Auth Page (IDX). Each LoginRadius app has a custom IDX. You can access it with the following URL pattern.

  • The parameter refers to your LoginRadius app name, which you can retrieve from the section in the tab of your dashboard.
  • The parameter refers to the authentication action you’re attempting to perform. It is either or .
  • The parameter refers to the URL LoginRadius should redirect your users to after successful authentication. It is usually a route on your application server.
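
As an added example (not code from the original article), the function below builds the auth-page URL from the three parameters just described and refuses unexpected values before redirecting. The base URL pattern, the `action` and `return_url` query names, and the sample host allowlist are assumptions; confirm them against your own LoginRadius app.

```python
import re
from urllib.parse import urlencode, urlsplit

# Assumed URL pattern for the hosted auth page (IDX); confirm it for your app.
IDX_BASE = "https://{app_name}.hub.loginradius.com/auth.aspx"
ALLOWED_ACTIONS = {"register", "login"}
# Hosts this application is willing to be sent back to (constructed samples).
ALLOWED_RETURN_HOSTS = {"localhost:5000", "127.0.0.1:5000"}


def build_idx_url(app_name, action, return_url):
    """Return the auth-page URL, rejecting unexpected parameter values."""
    # The app name becomes a host label, so allow only label characters.
    if not re.fullmatch(r"[a-z0-9-]+", app_name):
        raise ValueError(f"invalid app name: {app_name!r}")
    if action not in ALLOWED_ACTIONS:
        raise ValueError(f"unsupported action: {action!r}")
    parts = urlsplit(return_url)
    if parts.scheme not in ("http", "https") or parts.netloc not in ALLOWED_RETURN_HOSTS:
        raise ValueError(f"return_url not allowed: {return_url!r}")
    # urlencode percent-encodes return_url, so a query string inside it
    # cannot spill into the outer URL as extra parameters.
    query = urlencode({"action": action, "return_url": return_url})
    return IDX_BASE.format(app_name=app_name) + "?" + query
```

Keeping the application's own allowlist aligned with the domains whitelisted in the dashboard means a request-derived `return_url` is checked on both sides.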

Update the file with the code below:

In the code above, we created a route that redirects users to our LoginRadius registration IDX. We also set our to “register” and our to our application home page.

LoginRadius Login Page

NOTE: Don’t forget to replace the <APP_NAME> placeholder with the LoginRadius app name we saved earlier.

Authenticating Registered Users (User Login)

To authenticate registered users, you have to redirect them to your IDX page, passing “login” as the .

Update the file with the code below:

When LoginRadius successfully authenticates a user, it attaches a parameter to the before redirecting your user there. This parameter contains the access token of the user that we authenticated.

In the code above, we redirect users to our LoginRadius login IDX if the parameter is absent (this means LoginRadius did not redirect the user here). We also set our to “login” and our to our login page.

LoginRadius Login Page

LoggedIn

Fetching User Profiles From Access Tokens

We also want to fetch user profiles from the given by LoginRadius. It comes in handy when we want to verify if a given access token is valid (or has expired) or just fetch information about the current user.

Update the route with the code below. We also added a route where we will redirect users after successful authentication.

In the code above, we used the method from the LoginRadius SDK to fetch our user’s details. If the request was successful and the result does not contain an parameter, we save the access token in the user’s session and redirect them to the route. But if an error occurs somewhere, e.g., the access token is invalid/expired, we redirect the user back to the route.

LoggedIn

Next, we want to add more functionality to the route. Instead of just displaying dummy text, let it show the user information we fetched earlier. Update the route with the code below:

Here, we fetched the access token stored in the user’s session earlier, used it to get their details, and rendered the result.

LoggedIn

Invalidating Access Tokens (User Logout)

Invalidating access tokens means rendering particular access tokens useless and unusable. It comes in handy when we log out users. The LoginRadius SDK provides an method that takes in an access token to be invalidated.

To add this to our server, create a route with the code below:

Log Out
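
The token handling described in the last three sections, written as an added, framework-independent example rather than the article's own Flask code. `FakeIdentityProvider` is a constructed stand-in for the SDK's profile and invalidation methods, and the `token` parameter name, the `ErrorCode` key, the session key and the route paths are assumptions.

```python
SESSION_KEY = "user_access_token"
LOGIN_IDX = "https://<APP_NAME>.example.invalid/auth?action=login"  # placeholder


class FakeIdentityProvider:
    """Constructed stand-in for the SDK's profile and invalidation calls."""

    def __init__(self, tokens):
        self.tokens = dict(tokens)  # access token -> profile

    def fetch_profile(self, token):
        # Error shape (an "ErrorCode" key) is an assumption.
        return self.tokens.get(token, {"ErrorCode": 1, "Message": "invalid token"})

    def invalidate(self, token):
        self.tokens.pop(token, None)


def login(query, session, idp):
    """Return the path or URL the login route should redirect to."""
    token = query.get("token")  # assumed name of the parameter on return_url
    if not token:
        return LOGIN_IDX  # not sent here by the auth page: start the login
    if "ErrorCode" in idp.fetch_profile(token):
        session.pop(SESSION_KEY, None)
        return "/login/"  # invalid or expired token: restart without it
    session[SESSION_KEY] = token
    return "/dashboard/"  # redirecting also drops the token from the URL


def dashboard(session, idp):
    """Return (redirect, profile); exactly one of the two is None."""
    token = session.get(SESSION_KEY)
    profile = idp.fetch_profile(token) if token else {"ErrorCode": 1}
    if "ErrorCode" in profile:
        session.pop(SESSION_KEY, None)
        return "/login/", None
    return None, profile


def logout(session, idp):
    """Clear the local session, then invalidate the token upstream."""
    token = session.pop(SESSION_KEY, None)
    if token:
        idp.invalidate(token)
    return "/"
```

Because logout invalidates the token at the identity provider as well as clearing the session, a token copied from an earlier redirect URL is rejected if it is presented again.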

Conclusion

This article taught us about user authentication, user identity management, and implementing it correctly. In addition, we saw how easy it is to integrate LoginRadius services into a Python application to ease the implementation of authentication and user identity management.

The source code of the demo application is available as a GitHub gist. You can learn more about the LoginRadius Python SDK features from the official documentation.

By Solomon Esenyi, Python Developer and Technical Writer with a passion for open-source, cryptography, and serverless technologies.