Quick and simple security for Flask applications

flask, flask-security, python, security
conda install -c conda-forge flask-security-too



https://github.com/Flask-Middleware/flask-security/workflows/tests/badge.svg?branch=master&event=push Coverage! Downloads License Documentation Status pre-commit

Quickly add security features to your Flask application.

Notes on this repo

This is a independently maintained version of Flask-Security based on the 3.0.0 version of the Original


  • Regain momentum for this critical piece of the Flask eco-system. To that end the the plan is to put out small, frequent releases starting with pulling the simplest and most obvious changes that have already been vetted in the upstream version, as well as other pull requests. This was completed with the June 29 2019 3.2.0 release.
  • Continue work to get Flask-Security to be usable from Single Page Applications, such as those built with Vue and Angular, that have no html forms. This is true as of the 3.3.0 release.
  • Use OWASP to guide best practice and default configurations.
  • Be more opinionated and 'batteries' included by reducing reliance on abandoned projects and bundling in support for common use cases.
  • Follow the Pallets lead on supported versions, documentation standards and any other guidelines for extensions that they come up with.
  • Any other great ideas.


Issues and pull requests are welcome. Other maintainers are also welcome. Unlike the original Flask-Security - issue pull requests against the master branch. Please consult these contributing guidelines.


Install and update using pip:

pip install -U Flask-Security-Too