
How to Use login_required in Flask for User Authentication

In Flask, use the login_required decorator from flask_login to protect routes so only logged-in users can access them. Apply @login_required above your route function to enforce login before allowing access.

Syntax

The login_required decorator is used above a Flask route function to restrict access to logged-in users only.

  • @login_required: Decorator that checks if the user is authenticated.
  • Placed directly above the route function definition, below the @app.route(...) line so that the route registers the protected function.
  • Requires Flask-Login extension to be set up with user session management.
python
from flask_login import login_required

# Goes between @app.route(...) and the function it protects
@login_required
def protected_route():
    return "This page is only for logged-in users."

Example

This example shows a minimal Flask app using Flask-Login with a protected route that requires login. If the user is not logged in, they are redirected to the login page.

python
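import os
import secrets

from flask import Flask
from flask_login import LoginManager, UserMixin, login_user, login_required, logout_user, current_user

app = Flask(__name__)
# Session cookies are signed with this key, so it must not be hard-coded.
# Read it from the environment (the SECRET_KEY variable name is this example's choice);
# the random fallback is for local runs only and invalidates sessions on restart.
app.secret_key = os.environ.get('SECRET_KEY') or secrets.token_hex(32)

login_manager = LoginManager()
login_manager.init_app(app)
# Endpoint name that unauthorized users are redirected to
login_manager.login_view = 'login'

# Simple user class
class User(UserMixin):
    def __init__(self, id):
        self.id = id

# User loader callback: rebuilds the user from the ID stored in the session.
# Demo only: accepts any ID. A real loader looks the user up and returns None if unknown.
@login_manager.user_loader
def load_user(user_id):
    return User(user_id)

# Demo only: logs in a fixed user without checking any credentials.
# A real login view verifies a submitted password before calling login_user().
@app.route('/login')
def login():
    user = User('1')
    login_user(user)
    return 'Logged in! Go to /protected'

@app.route('/protected')
@login_required
def protected():
    return f'Hello, user {current_user.id}! This is a protected page.'

@app.route('/logout')
@login_required
def logout():
    logout_user()
    return 'Logged out!'

if __name__ == '__main__':
    # debug=True enables the interactive debugger; use it for local development only
    app.run(debug=True)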
Output
Running the app and visiting /protected without login redirects to /login. Visiting /login logs in the user. Then /protected shows: "Hello, user 1! This is a protected page."

Common Pitfalls

  • Not initializing LoginManager causes errors; not setting login_view means unauthorized requests get a 401 error instead of a redirect to the login page.
  • Forgetting to call login_user() means users are never logged in, so login_required always redirects.
  • Using login_required without a user loader function (user_loader) causes Flask-Login to fail to load users.
  • Not setting app.secret_key breaks session management needed for login state.
python
## Wrong: Missing login_view
login_manager = LoginManager()
login_manager.init_app(app)
# No login_manager.login_view set

## Right:
login_manager.login_view = 'login'

Quick Reference

Use this cheat sheet to remember key points about login_required in Flask:

| Concept | Description |
|---|---|
| @login_required | Decorator to protect routes for logged-in users only |
| login_manager.login_view | Route name to redirect unauthorized users to login |
| login_user(user) | Function to log in a user and start session |
| logout_user() | Function to log out the current user |
| user_loader callback | Function to reload user object from user ID stored in session |
| app.secret_key | Required for session management and login state |

Key Takeaways

  • Use @login_required above route functions to restrict access to logged-in users.
  • Initialize LoginManager and set login_view to handle unauthorized redirects.
  • Implement a user_loader callback to load users from session data.
  • Call login_user() to log users in and logout_user() to log them out.
  • Set app.secret_key to enable secure session management.