Flask-Security CSRF token
I have a Flask app that serves as a REST API backend. I would like to
implement token-based authentication for the backend, but in order to do
that I need to retrieve the user token. Flask-Security documentation
clearly says that to retrieve the token one needs to perform an HTTP POST
with the authentication details as JSON data to the authentication
endpoint. Unfortunately, I don't understand how to retrieve the CSRF token
needed to perform such a request.
If I use the login page/template provided with the extension the CSRF
token is passed to the client in the hidden field in the form. The
question is:
how do I retrieve the CSRF token without accessing and parsing the login
page, for example from an AngularJS app using $http methods or from a
mobile app?
Obviously I could avoid using Flask-Security and implement the pieces
myself, but I'm relatively inexperienced with web apps and I feel I might be
approaching this the wrong way.