A bear playing hopscotch

Adding authorization to your Flask web app with Oso

David Hatch

Oso is an open source policy engine for authorization that you embed in your application.  It uses a declarative policy language to govern who can do what inside your application.

This week we released a Flask integration for Oso to make it easier for Python developers to apply authorization best practices in their web apps. With this integration, you can quickly add authorization as a middleware to check every request in your app with just a few lines of code.

Add authorization to your Flask web app with Oso
Add authorization to your Flask web app with Oso

The flask-oso integration offers a number of other options

  • Sensible defaults for Flask – e.g., the actor defaults to flask.g.current_user and the action defaults to the method of the current request flask.request.method – which you can modify as needed
  • Decorators for developers who prefer this approach for performing authorization
  • A way to ensure authorization is enforced on all routes
  • The ability to write policies based on flask request attributes, like the path

Most authorization decisions can be made with a single call to authorize:

Add authorization to your Flask web app with Oso

or a Flask route decorator:

Add authorization to your Flask web app with Oso

The oso flask integration is available on PyPI and can be installed using pip:

{% c-line %}$ pip install flask-oso{% c-line-end %}

Getting started with Oso

Want to learn more? Read the full documentation on the oso Flask integration and have a look at the the Flask integration example app on GitHub.

If you have technical questions or feedback, join us on Slack or open an issue.

Want us to remind you?
We'll email you before the event with a friendly reminder.

Write your first policy