Skip to content

Authentication

Once you have activated security, the system require you to login to obtain a token, and provide this token on subsequent APIs. This page describes how to login and provide a token.

 

Obtain a token

The sample test apps obtain a token as shown here. This is also illustrated in the swagger section, below.

 

Swagger Authentication

Once you activate, tokens are required, including in Swagger. You can obtain a token and authenticate as described below for the sqlite authentication-provider:

  1. Access the User Login service
  2. Use the Try it now feature as shown below
  3. Copy the token value for use in the next step

At the top of Swagger, locate the Authenticate button. Copy the token, precede it with Bearer, and login like this:

 

Provide token in header

The sample test apps use this token on API calls as shown here.

Password Encryption with flask_bcrypt

It is generally not a good idea to store user passwords in plain text. The Python package flask_bcrypt is included and can be used to generate encrypted passwords. Note: each time you run the encryption - you will get a different value but the check password hash will return true if the plain text matches.

from flask_bcrypt import generate_password_hash, check_password_hash

if __name__ == "__main__":
    pw = input("Enter a password to encrypt: ")
    pw_hash = generate_password_hash(password=pw)
    print(f'encrypted password = {pw_hash}')
    print(f'check_password_hash: {pw} = {check_password_hash(pw_hash=pw_hash, password=pw)}')

Enter a password to encrypt: p
encrypted password = b'$2b$12$7sBO8jrL7nlgd10/yZ6lqeCV9Jr/itMnu0Zx0bFAqzC3kYQbzB8j.'
check_password_hash: p = True

Once you have the encrypted password - update your 'User' table password_hash value. SQL for each user: 

update user set password_hash = '$2b$12$7sBO8jrL7nlgd10/yZ6lqeCV9Jr/itMnu0Zx0bFAqzC3kYQbzB8j.' where user.id = 'admin'

Modify the file database/authentication.py to use the encrypted password_hash. 

from flask_bcrypt import generate_password_hash, check_password_hash

    # authentication-provider extension - encrypted password check
    def check_password(self, plaintext=None):
        # print(password)
        return check_password_hash(self.password_hash, plaintext)