
Flask User Management : How to make Stateless Server using better authentication ways?


Flask-Login uses Flask's built-in session management, which by default uses secure/signed cookies, and so is purely client side.

It can support server-side sessions if needed, though, of course; here's an example Redis-backed session store.


I have the same problem as you have described. I have built a simple solution for this, but I am looking for a better one. What I currently do is ask the caller (who sends the HTTP request) to provide an 'X-User-Info' in the HTTP header; the value is a token. When I receive the request, I use this token to get the user identity (from Redis, for instance), and all of the following authorization & permission control is based on this identity. The authentication does nothing but generate a random token, save it with the user info to Redis and return the token itself to the caller.
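The token scheme described in the answer above, written out as an added example (this is not code from the original post). The in-memory `TokenStore` stands in for Redis, and the TTL, the `session:` key prefix, the function names, and the choice to key the store by a hash of the token are all assumptions of this example.

```python
import hashlib
import secrets
import time

HEADER_NAME = "X-User-Info"   # header name used in the post
TOKEN_TTL_SECONDS = 3600      # assumed lifetime; the post does not give one


class TokenStore:
    """In-memory stand-in for Redis with SETEX / GET / DEL semantics."""

    def __init__(self, clock=time.time):
        self._data = {}
        self._clock = clock

    def setex(self, key, ttl, value):
        self._data[key] = (self._clock() + ttl, value)

    def get(self, key):
        expires_at, value = self._data.get(key, (0.0, None))
        if self._clock() >= expires_at:
            self._data.pop(key, None)  # lazily evict missing/expired entries
            return None
        return value

    def delete(self, key):
        self._data.pop(key, None)


def _key(token):
    # Assumption of this example: store only a hash of the token, so a dump
    # of the session store does not hand out usable tokens.
    return "session:" + hashlib.sha256(token.encode()).hexdigest()


def login(store, user_info):
    """Authentication step: mint a random token and bind it to the user."""
    token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
    store.setex(_key(token), TOKEN_TTL_SECONDS, user_info)
    return token


def identify(store, headers):
    """Per-request step: resolve the X-User-Info token to a user, or None."""
    token = headers.get(HEADER_NAME, "")  # Flask: request.headers
    return store.get(_key(token)) if token else None


def logout(store, headers):
    """Server-side revocation, which a signed client-side cookie cannot do."""
    store.delete(_key(headers.get(HEADER_NAME, "")))
```

The application server holds no per-user state of its own here; every request is resolved against the shared store, so any worker can serve it and a token can be revoked or expired centrally.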