Flask-HTAuth provides Flask apps with easy to integrate basic HTTP authentication. The extension supports standard htpasswd files.

Source code and issue tracker are available at GitHub.


Install with the usual:

pip install flask-htauth

or download source from GitHub:

git clone https://github.com/tomekwojcik/flask-htauth.git
cd flask-htauth
python setup.py develop


Flask-HTAuth uses the following settings:

  • HTAUTH_HTPASSWD_PATH - path to htpasswd file,
  • HTAUTH_REALM - authentication realm (defaults to Protected Area)

Example app

from flask import Flask, g
from flask.ext import htauth
import os

HTPASSWD = os.path.join(os.path.abspath(os.path.dirname(__file__)), 'htpasswd')

app = Flask(__name__)
app.config['HTAUTH_REALM'] = 'Top Secret Area'

auth = htauth.HTAuth(app)

def app_index():
    return 'Hello, World!'

def app_secret():
    return 'Hello, ' + g.htauth_user + '!'

If the request is missing Authorization header or auth data is invalid the authenticated decorator will return response that will force the user agent to request authentication data from the user.


  • Basic auth,
  • Support for MD5, SHA and crypt htpasswd password encrypting.


Flask-HTAuth is licensed under MIT License. See LICENSE for more details.


class flask.ext.htauth.HTAuth(app=None)

This class controls basic HTTP authentication integration with Flask apps.

You can either bind the app to an instance:

app = Flask(__app__)
auth = HTAuth(app)

or create the auth object once and bind it later:

auth = HTAuth()

def create_app():
    app = Flask(__name__)
    return app

Bind the app to HTAuth instance.


Decorate viewfunc with this decorator to require HTTP auth on the view.


Flask-HTAuth is developed by BTHLabs. The extension was inspired by django-htauth. Uses MD5 crypt code from this snippet.

Fork me on GitHub