Understanding the steps to add authentication and permissions
Our current version of the API processes all the incoming requests without requiring any kind of authentication. We will use a Flask extension and other packages to use an HTTP authentication scheme to identify the user that originated the request or the token that signed the request. Then, we will use these credentials to apply the permissions that will determine whether the request must be permitted or not. Unluckily, neither Flask nor Flask-RESTful provide an authentication framework that we can easily plug and configure. Thus, we will have to write code to perform many tasks related to authentication and permissions.
Note
We want to be able to create a new user without any authentication. However, all the other API calls are only going to be available for authenticated users.
Â
First, we will install the Flask-HTTPAuth
Flask extension to make it easier for us to work with HTTP authentication and the passlib
package to allow us...