Oso is an open source policy engine for authorization that you embed in your application. It uses a declarative policy language to govern who can do what inside your application.
This week we released a Flask integration for Oso to make it easier for Python developers to apply authorization best practices in their web apps. With this integration, you can quickly add authorization as a middleware to check every request in your app with just a few lines of code.
The flask-oso integration offers a number of other options:
- Sensible defaults for Flask – e.g., the actor defaults to flask.g.current_user and the action defaults to the method of the current request flask.request.method – which you can modify as needed
- Decorators for developers who prefer this approach for performing authorization
- A way to ensure authorization is enforced on all routes
- The ability to write policies based on Flask request attributes, like the path
Most authorization decisions can be made with a single call to authorize or with a Flask route decorator.
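The pattern behind the options listed above, sketched in plain Flask as an added example; it is not flask-oso code and does not use its API. The authorize helper, the POLICY set, the X-User header and the routes are assumptions made up for illustration.

```python
from flask import Flask, abort, g, request

app = Flask(__name__)

# Constructed sample policy: allowed (actor, action, path) triples.
POLICY = {("alice", "GET", "/reports"), ("alice", "POST", "/reports"),
          ("bob", "GET", "/reports")}

def authorize(resource, actor=None, action=None):
    """Hypothetical helper using the defaults described in the list above."""
    actor = g.current_user if actor is None else actor
    action = request.method if action is None else action
    g.authz_checked = True  # record that a decision was made for this request
    if (actor, action, resource) not in POLICY:
        abort(403)

@app.before_request
def load_user():
    # Constructed stand-in for real authentication (assumption).
    g.current_user = request.headers.get("X-User", "anonymous")

@app.after_request
def require_authorization(response):
    # Fail closed: a matched route that never called authorize() is treated
    # as a bug, and its response body is replaced instead of being returned.
    if request.url_rule is not None and not g.get("authz_checked", False):
        return app.response_class("authorization check missing", status=500)
    return response

@app.route("/reports", methods=["GET", "POST"])
def reports():
    authorize(request.path)  # policy keyed on a request attribute: the path
    return "ok"

@app.route("/forgotten")
def forgotten():
    return "secret"  # no authorize() call; caught by require_authorization

def probe(user, method, path):
    """Send one request through the app and return (status, body)."""
    resp = app.test_client().open(path, method=method, headers={"X-User": user})
    return resp.status_code, resp.get_data(as_text=True)
```

The /forgotten route shows why the enforcement hook matters: without it, a handler that omits the check would return its data to any caller.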
The Oso Flask integration is available on PyPI and can be installed using pip:
$ pip install flask-oso
Getting started with Oso
Want to learn more? Read the full documentation on the Oso Flask integration and have a look at the Flask integration example app on GitHub.
If you have technical questions or feedback, join us on Slack or open an issue.