Adding authorization to your Flask app with oso

David Hatch

oso is an open source policy engine for authorization that you embed in your application. It uses a declarative policy language to govern who can do what inside your application.

This week we released a Flask integration for oso to make it easier for Python developers to apply authorization best practices in their web apps. With this integration, you can quickly add authorization as a middleware to check every request in your app with just a few lines of code.

The flask-oso integration offers a number of other options:

  • Sensible defaults for Flask – e.g., the actor defaults to flask.g.current_user and the action defaults to the method of the current request flask.request.method – which you can modify as needed
  • Decorators for developers who prefer this approach for performing authorization
  • A way to ensure authorization is enforced on all routes
  • The ability to write policies based on Flask request attributes, like the path

Most authorization decisions can be made with a single call to authorize:

or a Flask route decorator:
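An added sketch, not code from the original post and not flask-oso's implementation, of the behaviour described above using only Flask: an explicit authorization call whose actor defaults to flask.g.current_user and whose action defaults to flask.request.method, a decorator form of it, and a fail-closed check that every route performed authorization. The names authorize, requires, ALLOWED and the X-Demo-User header are assumptions made for the example.

```python
from functools import wraps
from flask import Flask, abort, g, request

app = Flask(__name__)
# Constructed policy table standing in for the policy engine: (actor, action, resource).
ALLOWED = {("alice", "GET", "report"), ("alice", "POST", "report"), ("bob", "GET", "report")}

def authorize(resource, actor=None, action=None):
    """Explicit check; actor and action fall back to the defaults the post names."""
    actor = g.get("current_user") if actor is None else actor
    action = request.method if action is None else action
    g.authz_checked = True  # a decision was made for this request
    if (actor, action, resource) not in ALLOWED:
        abort(403)

def requires(resource):
    """Decorator form of the same check."""
    def deco(view):
        @wraps(view)
        def wrapper(*args, **kwargs):
            authorize(resource)
            return view(*args, **kwargs)
        return wrapper
    return deco

@app.before_request
def load_user():
    # Demo only: a real app derives current_user from a verified session or token.
    g.current_user = request.headers.get("X-Demo-User")
    g.authz_checked = False

@app.after_request
def enforce(response):
    # Fail closed: a successful response from a route that never authorized is replaced.
    if not g.get("authz_checked") and response.status_code < 400:
        return app.response_class("authorization not performed", status=500)
    return response

@app.route("/report", methods=["GET", "POST"])
@requires("report")
def report():
    return "report body"

@app.route("/forgotten")
def forgotten():  # deliberately has no authorization call
    return "unprotected data"

def status(path, user, method="GET"):
    headers = {"X-Demo-User": user}
    return app.test_client().open(path, method=method, headers=headers).status_code
```

The /forgotten route shows why the enforcement check matters: without it, a handler that omits the authorization call would return its data to any caller.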

The oso Flask integration is available on PyPI and can be installed using pip:

$ pip install flask-oso

For more details, read the full documentation on the oso Flask integration and have a look at the Flask integration example app on GitHub.

If you have technical questions or feedback, join us on Slack or open an issue.
