Authentication management

Coaster provides a current_auth for handling authentication. Login managers must comply with its API for Coaster’s view handlers to work.

If a login manager installs itself as current_app.login_manager and provides a _load_user() method, it will be called when current_auth is invoked for the first time in a request. Login managers can call add_auth_attribute() to load the actor (typically the authenticated user) and any other relevant authentication attributes.

For compatibility with Flask-Login, a user object loaded at will be recognised and made available via current_auth.

coaster.auth.add_auth_attribute(attr, value, actor=False)[source]

Helper function for login managers. Adds authorization attributes to current_auth for the duration of the request.

  • attr (str) – Name of the attribute
  • value – Value of the attribute
  • actor (bool) – Whether this attribute is an actor (user or client app accessing own data)

If the attribute is an actor and current_auth does not currently have an actor, the attribute is also made available as, which in turn is used by current_auth.is_authenticated.

The attribute name user is special-cased:

  1. user is always treated as an actor
  2. user is also made available as for compatibility with Flask-Login

Helper function for login managers and view handlers to add a new auth anchor. This is a placeholder until anchors are properly specified.


Helper function that returns True if current_auth was invoked during the current request. A login manager can use this during request teardown to set cookies or perform other housekeeping functions.

coaster.auth.current_auth = CurrentAuth(None)

A proxy object that hosts state for user authentication, attempting to load state from request context if not already loaded. Returns a CurrentAuth. Typical use:

from coaster.auth import current_auth

def user_check():
    if current_auth.is_authenticated:
        return "We have a user"
        return "User not logged in"