{"id":4010,"library":"flask-dance","title":"Flask-Dance","description":"Flask-Dance is a Python library that simplifies OAuth authentication for Flask applications. It enables Flask apps to act as OAuth consumers, allowing users to log in with various third-party providers like GitHub, Google, and more. The library is actively maintained with frequent updates, currently at version 7.1.0.","status":"active","version":"7.1.0","language":"en","source_language":"en","source_url":"https://github.com/singingwolfboy/flask-dance","tags":["flask","oauth","authentication","authorization"],"install":[{"cmd":"pip install Flask-Dance","lang":"bash","label":"Basic installation"},{"cmd":"pip install Flask-Dance[sqla]","lang":"bash","label":"With SQLAlchemy storage"}],"dependencies":[{"reason":"Core web framework integration.","package":"Flask"},{"reason":"Used for making HTTP requests to OAuth providers.","package":"requests"},{"reason":"Handles the underlying OAuth protocol logic.","package":"oauthlib"},{"reason":"Optional, for SQLAlchemy token storage.","package":"Flask-SQLAlchemy","optional":true},{"reason":"Requires Python 3.6 or higher.","package":"Python","min_version":"3.6"}],"imports":[{"note":"Commonly used preset blueprint for GitHub.","symbol":"make_github_blueprint","correct":"from flask_dance.contrib.github import make_github_blueprint"},{"note":"Context local for making requests to GitHub API; similar imports exist for other providers (e.g., `google`, `facebook`).","symbol":"github","correct":"from flask_dance.contrib.github import github"},{"note":"For creating custom OAuth 2.0 blueprints not covered by presets.","symbol":"OAuth2ConsumerBlueprint","correct":"from flask_dance.consumer import OAuth2ConsumerBlueprint"},{"note":"Used with SQLAlchemy for defining the OAuth token model.","symbol":"OAuthConsumerMixin","correct":"from flask_dance.consumer.storage.sqla import OAuthConsumerMixin"},{"note":"Used to configure SQLAlchemy as the token storage backend.","symbol":"SQLAlchemyStorage","correct":"from flask_dance.consumer.storage.sqla import SQLAlchemyStorage"}],"quickstart":{"code":"import os\nfrom flask import Flask, redirect, url_for, session\nfrom flask_dance.contrib.github import make_github_blueprint, github\n\napp = Flask(__name__)\napp.secret_key = os.environ.get(\"FLASK_SECRET_KEY\", \"supersekrit\")\n\ngithub_blueprint = make_github_blueprint(\n    client_id=os.environ.get(\"GITHUB_OAUTH_CLIENT_ID\"),\n    client_secret=os.environ.get(\"GITHUB_OAUTH_CLIENT_SECRET\"),\n)\napp.register_blueprint(github_blueprint, url_prefix=\"/login\")\n\n@app.route(\"/\")\ndef index():\n    if not github.authorized:\n        return redirect(url_for(\"github.login\"))\n    resp = github.get(\"/user\")\n    assert resp.ok, resp.text\n    return f\"You are @{resp.json()['login']} on GitHub\"\n\nif __name__ == \"__main__\":\n    # For local development with HTTP, set OAUTHLIB_INSECURE_TRANSPORT=1\n    # Example: export OAUTHLIB_INSECURE_TRANSPORT=1\n    app.run(debug=True)\n","lang":"python","description":"This quickstart demonstrates setting up a Flask application with GitHub OAuth using Flask-Dance. It registers a GitHub blueprint, which handles the OAuth flow. The root route checks if the user is authorized; if not, it redirects them to the GitHub login page. Once authorized, it fetches and displays the GitHub username. Ensure to set `FLASK_SECRET_KEY`, `GITHUB_OAUTH_CLIENT_ID`, and `GITHUB_OAUTH_CLIENT_SECRET` environment variables. For local development without HTTPS, `OAUTHLIB_INSECURE_TRANSPORT=1` must be set."},"warnings":[{"fix":"For Twitter, migrate to a custom blueprint or an alternative library. Review documentation for Dexcom integration and PKCE if applicable.","message":"Flask-Dance v7.0.0 removed the Twitter pre-set configuration and introduced support for Authorization Flow with PKCE. Existing Twitter integrations will break and require manual implementation or updating to a custom blueprint. Dexcom preset was added.","severity":"breaking","affected_versions":"7.0.0 and above"},{"fix":"Upgrade Flask to 2.0.3+ and Werkzeug to 2.1+ to ensure compatibility with Flask-Dance 6.x and 7.x.","message":"Version 6.0.0 updated minimum supported versions to Flask 2.0.3 and Werkzeug 2.1. Version 5.0.0 also dropped support for Flask versions below 1.0.4, specifically adding support for Flask 2.0. Ensure your Flask and Werkzeug versions are compatible.","severity":"breaking","affected_versions":"5.0.0 and above"},{"fix":"Upgrade your application's Python version to 3.6+.","message":"Flask-Dance v4.0.0 dropped support for Python 2.7. It also added support for SQLAlchemy 1.4. Older Python 2.7 applications must be migrated to Python 3.","severity":"breaking","affected_versions":"4.0.0 and above"},{"fix":"Consult `CHANGELOG.rst` for specific migration steps if upgrading from very old versions. Ensure `blueprint.storage = ...` is used instead of `blueprint.backend = ...`.","message":"Older versions (pre-v1.0.0, specifically in 0.x releases) had breaking changes in how backends worked, including changes to `OAuthConsumerMixin` columns setting `nullable=False`, which could require database migrations if upgrading from very old versions. Additionally, the attribute to store the backend changed from `backend` to `storage`.","severity":"breaking","affected_versions":"Pre-1.0.0 to 1.x (and related documentation)"},{"fix":"Set `export OAUTHLIB_INSECURE_TRANSPORT=1` for local testing. Always use HTTPS in production and remove this environment variable.","message":"For local development over HTTP (non-HTTPS), you must set the `OAUTHLIB_INSECURE_TRANSPORT` environment variable to `1`. However, this should NEVER be used in production environments, as it disables security checks and makes your application vulnerable.","severity":"gotcha","affected_versions":"All versions"},{"fix":"Downgrade `oauthlib` to a compatible version (e.g., `oauthlib<3.3.0`) until Flask-Dance officially supports `oauthlib==3.3.0` or a fix is released. Monitor the Flask-Dance GitHub issues for updates.","message":"An open issue (#438 on GitHub) indicates that `oauthlib` version 3.3.0 breaks the current implementation of Flask-Dance, preventing OAuth flows from working correctly. This is a critical dependency issue.","severity":"gotcha","affected_versions":"All versions using oauthlib==3.3.0"}],"env_vars":null,"last_verified":"2026-04-11T00:00:00.000Z","next_check":"2026-07-10T00:00:00.000Z"}