![\"book-a-demo-Consultation\"](\"/8fce571f703a5970dbb1359a2fe0e51a/book-a-demo-loginradius.webp\")
What is a Content Security Policy (CSP), and why is it important?
\nA Content Protection Policy (CSP) is a security standard that adds an extra layer of defense in detecting and mitigating certain kinds of attacks, such as Cross-Site Scripting (XSS), clickjacking, and other code injection threats. CSP is a preventative step against attacks that rely on executing malicious material in a trusted web context, as well as other attempts to bypass the same-origin policy.
\nThe CSP's main purpose is to prevent and report XSS attacks. XSS attacks take advantage of the browser's faith in the server's content. Because the browser trusts the source of the material without additional safety measures, the browser runs all code from a trustworthy origin. It is unable to distinguish which code is legal. Thus any injected malicious code is also executed.
\nThe website administrator can reduce the XSS attack using the CSP by defining trusted source sites for the executable scripts. When we use the CSP header, browsers only allow us to run the script from the whitelisted domains and ignore all other scripts.
\nWe can also use the same-origin policy (SOP) header to prevent the website from accessing data from the other origin. Still, Websites need to include lots of assets from external sources like content delivery networks (CDNs), Google Analytics scripts, fonts, styles, comment modules, social media buttons, etc., so for the modern web, we need to use CSP.
\nOne interesting advantage of a content security policy is we can define the permitted protocols. For example, the sites can restrict browsers from loading content over HTTPS. Some browsers, by default, will not connect to HTTPS but using the content security policy, we can enforce browsers to encrypt conversations with your server.
\nSites may also leverage HTTP Strict-Transport-Security headers to ensure that browsers only connect to the site over encrypted routes.
\nAdding the Content-Security-Policy HTTP header to a web page and setting values for it allows you to restrict what resources the user agent is authorized to load for that page. For example, A page that allows loading external CSS or fonts but not allows loading javascript from the external domains.
\nHTTP response headers are generally used to specify the Content-Security-Policy header, but if needed, you can also use HTML meta tags to provide specific CSP directives at the page level.
\nAn example of adding CSP headers is shown below.
\n Content-Security-Policy: default-src 'self'; img-src *; script-src loginradius.com;An example of adding CSP headers in the HTML tags
\n<meta http-equiv="Content-Security-Policy" content="default-src 'self'">Listed below are a couple of CSP directives and their use cases:
\nDefault-src: This directive serves as a fallback for the other CSP fetch directives. For absent directives like media-src and script-src, the user agent looks for the default-src directive's content and uses it.
Script-src: This directive is used to define locations from which external scripts can be loaded.
Img-src: Specifies sources from which images can be retrieved.
Media-src: This directive is used to define locations from which rich media like video can be retrieved.
Object-src: This directive is used to define locations from which plugins can be retrieved.
Font-src: Specifies permitted sources for loading fonts.
manifest-src: A list of acceptable source locations for web manifests. Web manifests are used by users of Progressive Web Applications to download websites and run them like native mobile apps.
frame-ancestors: A list of acceptable URL locations which this website can load in an iFrame.
form-action: A list of acceptable URL target locations where the website can send form data. It's most likely that you want this value set to self as most websites only submit their form data locally. This property is not covered by default-src above, so make sure you set it.
plugin-types: The list of plugin types that can be loaded from the locations in object-src. Likely that you also want to set this to none.
base-uri: The list of URLs that can be used in HTML base tags on your site.
child-src is used to restrict permitted URLs for JavaScript workers and embedded frame contents, including embedded videos. In Level 3, frame-src and worker-src directives can be used instead to control embedded content and worker processes, respectively.
style-src is used to whitelist CSS stylesheet sources. To allow stylesheets from the current origin only, use style-src 'self'.
connect-src specifies permitted origins for direct JavaScript connections that use EventSource, WebSocket, or XMLHttpRequest objects.
You can find a more updated and complete list maintained by Mozilla here.\nMozilla maintains a more up-to-date and comprehensive list, which can be seen here.
\nAll major modern browsers have supported Content Security Policy.
\nMozilla maintains a more up-to-date and comprehensive list for the CSP support in the browser, which can be seen here.
\nThe default-src directive in the below example policy is set to self. This permits the browser to load resources from the site's origin.
<meta http-equiv="Content-Security-Policy" content="default-src 'self'">The default-src directive in the below example policy permits the browser to load resources from the trusted domain and all its subdomains.
<meta http-equiv="Content-Security-Policy" content="default-src 'self' *.loginradius.com">The above policy permits the browser to load content from loginradius.com as well as any subdomain under loginradius.com.
\nSuppose you are running an e-commerce site and want to ensure that all resources are only loaded via SSL or HTTPS. The below policy ensures that all of the resources on your website load from TLS.
\n <meta http-equiv="Content-Security-Policy" content="default-src https:; script-src https: 'unsafe-inline'; style-src https: 'unsafe-inline'">If you want to allow users of a web application to add images/photos from any source but permits all scripts from trusted sources or specific sources.
\n <meta http-equiv="Content-Security-Policy" content="default-src 'self' img-src *; script-src cdn.loginradius.com;"> The img-src directive allows images to load from anywhere.\nThe script-src directive can only accept executable scripts from cdn.loginradius.com.
If you want to add social widgets like the google+ button, Facebook like, Tweet button on your website, you need to allow external script also like the below policy.
\n<meta http-equiv="Content-Security-Policy" content="default-src 'self' img-src *; script-src cdn.loginradius.com;https://platform.twitter.com; child-src https://plusone.google.com https://facebook.com https://platform.twitter.com;">The Content-Security-Policy-Report-Only Header is a wonderful method to evaluate the effects of a Content-Security-Policy header without really blocking anything on the site. Also, we can get any violation reports using this header. By default, it only sends reports to the developer tools console. If you include a report-to or report-uri directive, it will send a JSON representation of the violation to the provided URI endpoint.
<meta http-equiv="Content-Security-Policy-Report-Only" content="default-src 'self'; report-uri https://report.yourwebsite.com/cspreport;">In the above example, it will not enforce anything. Content-Security-Policy-Report-Only policy only generates reports and sends them to the report URI. The CSP violation report is generated in JSON format.
<meta http-equiv="Content-Security-Policy-Report-Only" content="default-src 'self'; script-src cdn.loginradius.com; report-uri https://report.loginradius.com/cspreport;">In the above example, the policy only allows the script from cdn.loginradius.com.
\n<!DOCTYPE html>\n<html>\n \n<head>\n <title>Content Security Policy</title>\n <script type='text/javascript' src='https://ajax.googleapis.com/ajax/libs/jquery/3.6.0/jquery.min.js'></script>\n</head>\n \n<body>\n . . .\n</body>\n \n</html>In the below sample HTML browser trying to download javascript from the other source, but we have allowed javascript src only from the CDN so that the browser will send the following violation report.
\n {\n"csp-report":{\n"document-uri": "https://loginradius.com/test.html",\n"referrer": "",\n"blocked-uri": "https://ajax.googleapis.com/ajax/libs/jquery/3.6.0/jquery.min.js",\n"violated-directive": "script-src cdn.loginradius.com",\n"original-policy": "default-src 'self'; script-src cdn.loginradius.com; report-uri https://report.loginradius.com/cspreport;",\n"disposition”: “report"\n}\n}The Content Security Policy will add an additional layer of protection to your web application. CSP is compatible with almost all current browsers and is widely used on the internet as an effective technique for decreasing the threat of cross-site scripting attacks.
\nThe Web Application Security Working Group of the Wide Web Consortium (w3c has already begun work on the specification's next version, Content Security Policy Level 3 and Content Security Policy Level 2 already Candidate Recommendation.
\n","frontmatter":{"date":"July 14, 2021","updated_date":null,"description":null,"title":"Content Security Policy (CSP)","tags":["Secuirty Header","CSP","Content Security Policy"],"pinned":null,"coverImage":{"childImageSharp":{"fluid":{"aspectRatio":1.5037593984962405,"src":"/static/a14192a5c3e4cefed740fa3fc0e561e9/58556/content-security-policy.webp","srcSet":"/static/a14192a5c3e4cefed740fa3fc0e561e9/61e93/content-security-policy.webp 200w,\n/static/a14192a5c3e4cefed740fa3fc0e561e9/1f5c5/content-security-policy.webp 400w,\n/static/a14192a5c3e4cefed740fa3fc0e561e9/58556/content-security-policy.webp 800w,\n/static/a14192a5c3e4cefed740fa3fc0e561e9/99238/content-security-policy.webp 1200w,\n/static/a14192a5c3e4cefed740fa3fc0e561e9/7c22d/content-security-policy.webp 1600w","sizes":"(max-width: 800px) 100vw, 800px"}}},"author":{"id":"Vijay Singh Shekhawat","github":"code-vj","avatar":null}}}},{"node":{"excerpt":"Creating a frictionless consumer experience should be the top priority of every business striving for success in the digital world. A survey…","fields":{"slug":"/growth/consumer-journey-from-sign-up-to-purchase/"},"html":"Creating a frictionless consumer experience should be the top priority of every business striving for success in the digital world.
\nA survey by Accenture Interactive found that 48% of consumers have switched from one website to another just because the former lacked personalization—and, the trend is swiftly increasing.
\nBut how online service providers ensure they have maximum sign-ups and eventually have more conversions? Or in other words, what’s the biggest secret to winning consumer trust right from the moment a user first visits the website?
\nToday, enterprises must be aware that the secret to success lies in quickly identifying and eliminating any troubles and pain points that occur when consumers interact with their organization (whether through website or application).
\nDon’t worry, you need not do everything yourself!
\nA user identity management solution like LoginRadius does everything, literally everything for you.
\nLet’s learn how LoginRadius CIAM (consumer identity and access management) solution offers a frictionless consumer journey right from the beginning and ensures maximum conversions.
\nBusinesses need to pay close attention to consumer experience, the total of digital and in-person interactions that a user has with a brand.
\nAt baseline, a good consumer experience needs to work to deliver products and services with minimal fuss.
\nAnd if a company wants to pull out and stay ahead of the curve, that experience needs to be remarkable. Integrated. Personal. Delightful.
\nLoginRadius guarantees the same!
\nSince users already know what defines a delightful experience as they are already interacting with brands like Amazon, Google, Apple, and Microsoft, businesses must ensure they’re trying to achieve a similar grade. Failing which, users will quickly switch brands.
\nHere’s how we achieve this:
\nFrom the first step of user onboarding to the thousandth login, create a process that is welcoming and intelligent to foster great consumer relationships.
\nLoginRadius supports every human language, so all of your forms, email messages, and texts can be customized for your worldwide market.
\nChoose the fields and design your registration, login, and forgot password forms. Everything can be white-labeled, so consumers won’t know you’re using LoginRadius.
\nWhenever you need to get into your consumer’s inbox to manage the login process, LoginRadius provides customizable templates and sequences so you’re always on-brand.
\nNever turn a consumer away because your login service is down. LoginRadius has unmatched uptime, and we can handle 150K logins per second—that’s “20x More than Our Competitors”.
\nEasily connect your websites, mobile apps, and third-party services so that consumers can interact with you everywhere using a single identity.
\nSince users remember negative experiences more than positive ones, businesses must ensure they deliver the finest user experience.
\nIf your brand can identify the key problem areas that users face and are able to deliver a rich consumer-centric experience, you’re automatically ahead of your competitors.
\nLoginRadius understands the importance of a rich consumer experience throughout the onboarding journey of a user that later converts into a buyer.
\nHere’s what businesses can achieve by getting LoginRadius user onboarding system
\nin place:
\nTurn visitors into registered users with a frictionless experience. When it’s easier to create an account with your business, more people will do it.
\nEnsure users come back with a delightful experience with LoginRadius. When your digital and offline services are useful and smoothly integrated, people have no reason to look elsewhere.
\nBring in more revenue with a personalized experience. When you know people’s preferences, you can offer what they want, when they want it, the way they want it.
\nA flawless user experience coupled with a personalized consumer journey isn’t just the benefits of getting LoginRadius in place, you also get the robust line of defense.
\nYes, LoginRadius CIAM offers industry-standard security that ensures your consumer information and your business-sensitive information is stored and managed securely.
\nWith security features that industry giants like Google, Amazon, and Microsoft rely on upon, LoginRadius ensures the highest level of secure authentication and authorization.
\nLeverage the power of data with over 30 charts within customizable date ranges with LoginRadius.
\nThe smart CIAM lets you expand your understanding of customer activity over different periods of your sales or season cycles.
\nWhat’s more remarkable is that you can export data visualization elements like graphs and pie charts to Microsoft Excel with the click of a button.
\nCustomer analytics has never been more accessible with the LoginRadius Admin Console.
\nDownload Digital Identity Trend Report 2020 for detailed information regarding opportunities and risks within the identity environment through our comprehensive customer behavior analysis.
\nBusinesses today need to focus on enhancing consumer experience right from the beginning when a consumer lands on the website or application.
\nEnhancing the consumers’ preferred ways of interacting with your brand is undeniably the key to business success contributing to more conversions.
\nLoginRadius understands the importance of consumer onboarding and has designed a robust CIAM that helps brands swiftly increase sign-ups and eventually enhance conversions.
\nReady to leverage the next level of CIAM solution? Or have any doubts? Schedule a Quick Personalized Call and understand how LoginRadius can be a game-changer for your business success.
\n
In an era when everyone is locked inside their homes amid the global pandemic, businesses at a halt, and vaccination becoming the only ray of hope, numerous eCommerce businesses have flourished across the world.
\nAs the lockdown and social distancing became the new normal, businesses adopted digital transformation.
\nWhether we talk about online groceries or telemedicine, the world faced the paradigm shift and adopted digital platforms for almost every day-to-day task that otherwise required them to step out of their homes.
\nSo what’s the reason behind the immediate success of new players in the eCommerce space while others were still left with abandoned carts?
\nNot many of you would be aware that consumer identity and access management (CIAM) solutions played a crucial role in enhancing eCommerce business success.
\nFrom collecting insightful information from users to offering behavioral analysis, a CIAM solution has always been the key to win trust when it comes to pushing carts to final checkouts.
\nIn this post, we’ll learn how a CIAM solution paves the path for an eCommerce business success and how enterprises thinking to step into the eCommerce world could leverage cutting-edge CIAM solutions to scale business growth.
\nDid you know 65% of eCommerce shoppers are likely to end their relationships with online merchants after experiencing even a single instance of data theft or even a payment fraud?
\nIn a world when data and identity thefts lead to losses worth millions of dollars, securing consumer identities and sensitive information isn’t a feature. It’s a compulsion.
\nAdding more robust authentication layers, including multi-factor authentication (MFA) and risk-based authentication (RBA) to log in and sign-up procedures, can help secure consumer data and prevent a breach.
\n![\"EB-GD-to-MFA\"](\"/b319bf6ed09ba90828b27b6cc2c2eb75/EB-GD-to-MFA.webp\")
Also, these secure authentication practices help enterprises to verify the individuals quickly they say they are.
\nAdditionally, security backed with a better user experience helps build consumer trust that further paves the path for a smoother onboarding.
\nYes, a CIAM solution like LoginRadius not just offers robust security but eventually provides a seamless eCommerce consumer experience while user's sign-up for your website/application through various authentication methods, including Social Login, Passwordless Login, and Single Sign-On (SSO).
\nThe combination of security and user experience makes a CIAM the need of the hour for every B2C enterprise seeking substantial growth by winning consumer trust.
\nIf your eCommerce website isn’t generating revenues, it doesn’t necessarily mean that you don’t have visitors!
\nYes, the visitor to conversion ratio is something that brands should immediately work upon.
\nAs per recent stats, 2.17 percent of global e-commerce website visits were converted into purchases. This means that roughly two visitors out of 100 would be converted on your eCommerce platform.
\nSo how could a business enhance conversions? Or what’s the best way to analyze visitors and monitor their behavior to figure out what needs to be done?
\nWell, here’s where a CIAM like LoginRadius comes into play.
\nWith LoginRadius CIAM, you can successfully target your customer base with data collected and organized in the Admin Console.
\nThe LoginRadius Identity Platform makes complex customer analytics easy to understand via detailed graphs and customer insights.
\nMoreover, you can leverage the power of data with over 30 charts within customizable date ranges. Expand your understanding of customer activity over different periods of your sales or season cycles.
\nThis not only helps you in understanding your visitors but eventually makes it easier for you to plan your marketing around aspects that would promote conversions.
\nYou can Book a Quick 30-Minutes Demo to know how LoginRadius would specifically empower your eCommerce business.
\nThe concept of progressive profiling is getting a lot of attention these days. So, what is it, and why do retailers need it?
\nProgressive profiling collects information about your customers using dynamic web forms throughout the purchase journey.
\nHere's how this works. For example, you want some details from your customers to customize the end-user experience, or you want their consent to use some of your services, but you are afraid of losing them by asking them to fill a long registration form.
\nProgressive profiling will do wonders here. For instance, when the customer has placed the first three orders, you can ask them to fill in a small questionnaire. They will more likely answer about their preferences at this stage rather than during the registration.
\nEcommerce is the new normal in a pandemic era and beyond. Businesses that are swiftly adopting the new age of selling products and services must emphasize delivering a seamless and secure user experience.
\nA consumer identity and access management solution is undoubtedly the key to win consumer success as enterprises can identify their visitors and build personalized experiences around foremost touchpoints, including research, purchase, discovery, and more.
\n
When was the last time you signed up to a website by filling out the entire registration form? Gone are the days where you had to fill out lengthy registration forms, create different usernames and passwords, and remember them every time you tried to login - awesome, right!
\nConsumers demand a smarter experience today. They don't like to create a new ID every time they want to utilize a service. Instead, they are open to leveraging their existing digital identity securely and easily, with the opportunity to reuse it in multiple domains.
\nAnd as a response to this demand, businesses have come-up with a concept called Bring Your Own Identity (BYOI).
\nThe \"Bring your own\" trend started when organizations allowed their employees to bring their device - BYOD. Later, it gained popularity and paved the way for many such concepts like Bring your own apps (BYOA), Bring your own technology (BYOT), Bring your own cloud (BYOC), Bring your own encryption (BYOE), etc.
\nBring your own identity, or BYOI is also one such trend where consumers bring in their own digital ID, which is either managed by self or by any third-party.
\nInstead of asking consumers to fill in long forms as part of the registration process, you can allow them to choose their existing digital identity. These could be any of their social media accounts such as Facebook, Twitter, Google, or LinkedIn.
\nMoreso, with features like simplified registration (which is both quick and secure), the BYOI trend can address the problems of organizations that are losing consumers.
\nWith the pandemic forcing organizations to rethink their digital transformation, BYOI is a key part of securing user identities in 2021. BYOI (Bring Your Own Identity) will unlock the value in digital identities and is going to disrupt traditional methods of access in the future.
\nMany of your consumers have an existing digital identity, and BYOI lets them use an account they already have rather than creating a new one. By allowing your consumers to log in with an existing set of credentials, you make it simple for consumers to sign up for an account with you, increasing your overall conversion rate.
\nIdentity Brokering is an approach where organizations/businesses do not require consumers to provide their credentials to authenticate. Instead, an identity broker service acts as a bridge between the Identity and Service Providers and enables the authentication process between the two.
\nIf you are the CSO or CIO of your company looking for a platform that acts as an identity broker, the LoginRadius CIAM platform is the perfect solution that can act as a bridge between multiple identity service providers.
\nThe possibilities are endless with the LoginRadius platform in how you can set up your login flows to best serve your consumer's needs and meet your business goals. LoginRadius can integrate with any provider, so you can give your consumers the convenience and choice while having an optimized back-end infrastructure to ensure an automated and streamlined experience for your consumers.
\n
When you visit a website, it may store some basic information about you, such as your IP address, the operating system on your computer, the browser you use, ISP used to connect, location, screen resolution, etc. Some websites store login cookies on your computer, so you don't have to log in every time you visit them.
\nBut this is not all. When browsing online, you also leave enough breadcrumbs for websites and web applications to identify you.
\nWe often talk about personally identifiable information (PII), but few users know precisely what it is.
\nBesides, there are many ways to manage personal information. Having said that, it is one thing when you protect your PII from potential exploitation, and it's entirely different when a third party manages it for you.
\nSo, let us take a deep dive to discover the term personally identifiable information or PII.
\nData that helps identify a specific individual is called personally identifiable information, or PII in short. For example, your social security number is a good example of** **PII Compliance because it is unique, and the number itself will lead someone to find you directly.
\nIn addition to this, your full name, driver's license ID, email address, bank account information, password, or phone number can also be considered personally identifiable information.
\nPII has a principal role in network security, especially when it comes to data breaches and identity theft. For example, if a company that manages personal information encounters a data breach, its customers will likely suffer personal identity theft because the company-managed data will be stolen.
\n![\"RP-Protecting-PII-Against-Data-Breaches\"](\"/c673b27f12f7cefcfd503ad7676ff0a2/RP-Protecting-PII-Against-Data-Breaches.webp\")
The information related to this is stored with online marketers and brokers who trade your data to various companies that \"want to show you appropriate ads\" and provide you with an \"improved user experience.\"
\nAdvanced technology platforms have changed the way companies operate, government legislation, and personal contact. With the help of digital tools such as mobile phones, the Internet, e-commerce, and social media, the supply of all kinds of data has surged.
\nSuch data is collected, analyzed, and processed by enterprises and shared with other companies. The large amount of information enables companies to gain insights into how to better interact with customers.
\nHowever, the emergence of big data has also increased the number of data breaches and cyberattacks by entities that realize the value of this information. As a result, people are concerned about how companies handle sensitive information about their customers. Regulators are seeking new laws to protect consumer data, and users are looking for more anonymous ways to stay digital.
\nMany countries/regions have adopted multiple data protection laws like the GDPR, CCPA to create guidelines for companies collecting, storing, and sharing customers' personal information. Some basic principles outlined in these laws stipulate that certain sensitive information should not be collected except in extreme circumstances.
\nIn addition, the regulatory guidelines also stipulate that if the data is no longer needed for its intended purpose, it should be deleted, and personal information should not be shared with sources whose protection cannot be guaranteed. Moreover, supervision and protection of personally identifiable information may become a significant issue for individuals, companies, and governments in the coming years.
\nCybercriminals compromise data systems to access PII and then sell it to buyers willing to buy in the underground digital market. For example, the Internal Revenue Service (IRS) in the US suffered a data breach that resulted in the theft of the personally identifiable information of more than 100,000 taxpayers. Criminals used quasi-information stolen from multiple sources to access the IRS website application by answering personal verification questions that should belong only to taxpayers.
\nWithout considering the type or size of any company, all organizations must have some detailed and comprehensive knowledge of PII compliance it collects and how it can be utilized. The companies must have legal knowledge about which among the various country and state regulations related to PII is applied to some specific situation related to them. Also, it is important to consider that adopting acceptable use of privacy policies associated with this particular data can be advantageous.
\nThe security of personal identity and other details is at increasing risk today, with hackers finding new ways to hack into websites. Therefore, enterprises of all sizes must maintain PII compliance to protect the information of the company and its users. With PII compliance, businesses can maintain improved data security.
\n
Authentication and user identity management are challenging tasks you are bound to run into when building applications. For example, you will need to create profiles for users, validate provided passwords, implement a password reset functionalities, manage user sessions (sometimes on multiple devices), manage social media authentication, and many others.
\nYou still have to work on other parts of your application, and you might not have a lot of time. A lot of developers might hack their way through authentication, but that could lead to improper implementations. It is not advisable to do this as you can create doorways for cyber-related attacks in your application.
\nIn this tutorial, you will learn how to properly implement user authentication and identity management in a Flask application.
\n\n\nHere for the code alone? Head over to the implementation section of this article or visit this GitHub gist to browse demo code.
\n
User authentication is the process of validating a person’s identity to ascertain that they are who they claim to be. Authentication is achievable using passwords, one-time pins (OTP), biometrics, authentication apps, access tokens, certificates, and many more.
\nUser identity is an entity used to identify a user of an application uniquely. Forms of user identifiers include full names, email addresses, system-generated values, and UUIDs.
\nAn identity provider is a system that helps create, maintain, and manage user identity information. It also provides authentication services to external applications to ease their authentication flow and make it seamless.
\nWhen referring to authentication in Python, we talk about user authentication concerning web applications built with it. Python is actively used in making web applications with many supporting frameworks, including but not limited to Flask, Django, FastAPI, Bottle, and Hug.
\nEvery web application built with Python at one point or another would need to implement user authentication features. This article will cover implementing authentication and proper handling of user identity information using LoginRadius and Flask.
\nLoginRadius is a cloud-based consumer identity and access management (CIAM) platform that allows seamless user authentication and SSO integration into your application. LoginRadius is simple to use, completely secure, and highly customizable.
\nTo proceed with this tutorial, you will need an account with LoginRadius. If you have not created one before now, create one on the LoginRadius website.
\nLogin to your LoginRadius dashboard, then navigate to the app you want to integrate with Python (LoginRadius will set up a free app for you when you create an account).
\n![\"LoginRadius](\"/9f9fcb0430b89fa5c0ab46252144e277/pw6s1mqnn-yrtard7nbx.webp\")
Next, head over to the Configuration tab on the LoginRadius sidebar (left side of the screen).
![\"LoginRadius](\"/ea9ed1468469fcdba3d8c0fdebf2c088/i_alrgdnugpmtschkuuj.webp\")
Your API credentials are located under the API Key And Secret section. Once you have retrieved this, copy the APP Name, API Key, and API Secret and store them somewhere secure and easily retrievable.
![\"LoginRadius](\"/1d658bc9362be0fd7ed1a643af35012e/7lev6yc_ebtxcg62wrbe.webp\")
LoginRadius requires you to whitelist domains you will be integrating with your app. To whitelist, a domain, scroll down to the Whitelist Your Domain section in the Configuration tab of your app dashboard and add it.
![\"Domain](\"/689af03e0b523f8f87a86a4f38ffe91a/5ng50vbosmuhdhfuz-gi.webp\")
\n\nBy default, LoginRadius whitelists your local computer (localhost).
\n
We need to install the LoginRadius Python SDK. It provides functionalities that allow Python programs to communicate with LoginRadius APIs.
\nIn the terminal, type:
\npip install LoginRadius-v2 requests cryptography pbkdf2First, we need to install the Flask framework from PyPI. In the terminal, type:
\npip install flaskAfter that, create a file named server.py and save the following code in it:
from flask import *\n\napp = Flask(__name__)\napp.config["SECRET_KEY"] = "SECRET_KEY"\n\n\n@app.route("/")\ndef index():\n return "Hello World!"\n\n\nif __name__ == "__main__":\n app.run(debug=True)When you run the server.py script and open your browser, you will get a response similar to the image below:
![\"Hello](\"/b5ad3d364b16b60f9e8630be44e3cf84/vordrrnvz-vekwuickak.webp\")
Update the server.py file with the code below:
from LoginRadius import LoginRadius as LR\n\nLR.API_KEY = "API Key"\nLR.API_SECRET = "API Secret"\nloginradius = LR()Replace the values of the API_KEY and API_SECRET variables with your LoginRadius application keys we saved earlier.
To register users, you have to redirect them from your application to your LoginRadius Auth Page (IDX). Each LoginRadius app has a custom IDX. You can access it with the following URL pattern.
\nhttps://{APP_NAME}.hub.loginradius.com/auth.aspx?action={AUTH_ACTION}&return_url={RETURN_URL}APP_NAME parameter refers to your LoginRadius app name, which you can retrieve from the API Key And Secret section in the Configuration tab of your dashboard.AUTH_ACTION parameter refers to the authentication action you’re attempting to perform. It is either register or login.RETURN_URL parameter refers to the URL LoginRadius should redirect your users to after successful authentication. It is usually a route on your application server.Update the server.py file with the code below:
LR_AUTH_PAGE = "https://<APP_NAME>.hub.loginradius.com/auth.aspx?action={}&return_url={}"\n\n@app.route("/register/")\ndef register():\n # redirect the user to our LoginRadius register URL\n return redirect(LR_AUTH_PAGE.format("register", request.host_url))In the code above, we created a register route that redirects users to our LoginRadius registration IDX. We also set our AUTH_ACTION to “register” and our RETURN_URL to our application home page.
![\"LoginRadius](\"/79192f0d84a9ebca455ede5522497ab9/smn-8jr5ahgmhtynezje.webp\")
\n\nNOTE: Don’t forget to replace the <APP_NAME> placeholder with your LoginRadius app name we saved earlier.
\n
To authenticate registered users, you have to redirect them to your IDX page, passing “login” as the AUTH_ACTION.
Update the server.py file with the code below:
@app.route("/login/")\ndef login():\n access_token = request.args.get("token")\n if access_token is None:\n # redirect the user to our LoginRadius login URL if no access token is provided\n return redirect(LR_AUTH_PAGE.format("login", request.base_url))\n\n return "You have successfully logged in!"\n\nWhen LoginRadius successfully authenticates a user, it attaches a
\ntokenparameter to theREDIRECT_URLbefore redirecting your user there. This parameter contains the access token of the user that we authenticated.
In the code above, we redirect users to our LoginRadius login IDX if the token parameter is absent (this means LoginRadius did not redirect the user here). We also set our AUTH_ACTION to “login” and our RETURN_URL to our login page.
![\"LoginRadius](\"/8624b9e29ef548d70f975ecf65a31f92/7gs3xz6qhxhas7qgtjma.webp\")
![\"LoggedIn\"](\"/30d20a60f432e9415ebaf7645af42f80/xwzztcogdtmnyfq4j5nc.webp\")
We also want to fetch user profiles from the access token given by LoginRadius. It comes in handy when we want to verify if a given access token is valid (or has expired) or just fetch information about the current user.
Update the login route with the code below. We also added a dashboard route where we will redirect users after successful authentication.
@app.route("/login/")\ndef login():\n access_token = request.args.get("token")\n if access_token is None:\n # redirect the user to our LoginRadius login URL if no access token is provided\n return redirect(LR_AUTH_PAGE.format("login", request.base_url))\n\n # fetch the user profile details with their access tokens\n result = loginradius.authentication.get_profile_by_access_token(\n access_token)\n\n if result.get("ErrorCode") is not None:\n # redirect the user to our login URL if there was an error\n return redirect(url_for("login"))\n\n session["user_acccess_token"] = access_token\n\n return redirect(url_for("dashboard"))\n\n\n@app.route("/dashboard/")\ndef dashboard():\n return "You have successfully logged in!"In the code above, we used the authentication.get_profile_by_access_token method from the LoginRadius SDK to fetch our user’s details. If the request was successful and the result does not contain an ErrorCode parameter, we save the access token in the user’s session and redirect them to the dashboard route. But if an error occurs somewhere, e.g., the access token is invalid/expired, we redirect the user back to the login route.
![\"LoggedIn\"](\"/d15eed00435b16b1d05cbb201630c333/f2p7ddnwin3yihucx2em.webp\")
Next, we want to add more functionality to the dashboard route. Instead of just displaying a dummy text, let it show the user information we fetched earlier. Update the dashboard route with the code below:
@app.route("/dashboard/")\ndef dashboard():\n access_token = session.get("user_acccess_token")\n if access_token is None:\n return redirect(url_for("login"))\n\n # fetch the user profile details with their access tokens\n result = loginradius.authentication.get_profile_by_access_token(\n access_token)\n\n if result.get("ErrorCode") is not None:\n # redirect the user to our login URL if there was an error\n return redirect(url_for("login"))\n\n return jsonify(result)Here, we fetched the access token stored in the user’s session earlier, used it to get their details, and rendered the result.
\n![\"LoggedIn\"](\"/ed807cbc18a2c163fbbce57eb7789e5c/1zsvbg3rk013zlbpxx2u.webp\")
Invalidating access tokens means rendering particular access tokens useless and unusable. It comes in handy when we log out users. The LoginRadius SDK provides an auth_in_validate_access_token method that takes in an access token to be invalidated.
To add this to our server, create a logout route with the code below:
@app.route("/logout/")\ndef logout():\n access_token = session.get("user_acccess_token")\n if access_token is None:\n return redirect(url_for("login"))\n\n # invalidate the access token with LoginRadius API\n loginradius.authentication.auth_in_validate_access_token(access_token)\n session.clear()\n\n return "You have successfully logged out!"![\"Log](\"/bc9fb664300826a7397cfb8826284223/xyvodwpjtxjrjgxoffx5.webp\")
This article taught us about user authentication, user identity management, and implementing it correctly. In addition, we saw how easy it is to integrate LoginRadius services into a Python application to ease the implementation of authentication and user identity management.
\nThe source code of the demo application is available as a GitHub gist. You can learn more about the LoginRadius Python SDK features from the official documentation.
\n","frontmatter":{"date":"July 07, 2021","updated_date":null,"description":"Learn about user authentication, user identity management, and implementing it correctly into a Python application using LoginRadius.","title":"Implementing User Authentication in a Python Application","tags":["Python","Authentication","Flask"],"pinned":null,"coverImage":{"childImageSharp":{"fluid":{"aspectRatio":1.5037593984962405,"src":"/static/2005b7a832c4ee0e2301194e9f8eb64b/58556/coverImage.webp","srcSet":"/static/2005b7a832c4ee0e2301194e9f8eb64b/61e93/coverImage.webp 200w,\n/static/2005b7a832c4ee0e2301194e9f8eb64b/1f5c5/coverImage.webp 400w,\n/static/2005b7a832c4ee0e2301194e9f8eb64b/58556/coverImage.webp 800w,\n/static/2005b7a832c4ee0e2301194e9f8eb64b/99238/coverImage.webp 1200w","sizes":"(max-width: 800px) 100vw, 800px"}}},"author":{"id":"Solomon Esenyi","github":"LordGhostX","avatar":null}}}}]},"markdownRemark":{"excerpt":"Identity is evolving, and developers are at the forefront of this transformation. Every day brings a new learning—adapting to new standards…","fields":{"slug":"/identity/developer-first-identity-provider-loginradius/"},"html":"Identity is evolving, and developers are at the forefront of this transformation. Every day brings a new learning—adapting to new standards and refining approaches to building secure, seamless experiences.
\nWe’re here to support developers on that journey. We know how important simplicity, efficiency, and well-structured documentation are when working with identity and access management solutions. That’s why we’ve redesigned the LoginRadius website—to be faster, more intuitive, and developer-first in every way.
\nThe goal? Having them spend less time searching and more time building.
\nLoginRadius’ vision is to give developers a product that simplifies identity management so they can focus on building, deploying, and scaling their applications. To enhance this experience, we’ve spent the last few months redesigning our interface— making navigation more intuitive and reassuring that essential resources are easily accessible.
\nHere’s a closer look at what’s new and why it’s important:
\n![\"This](\"/f46881583c7518a93bb24e94c32320de/a-developer-friendly-dark-theme.webp\")
Developers spend long hours working in dark-themed IDEs and terminals, so we’ve designed the LoginRadius experience to be developer-friendly and align with that preference.
\nThe new dark mode reduces eye strain, enhances readability, and provides a seamless transition between a coding environment and our platform. Our new design features a clean, modern aesthetic with a consistent color scheme and Barlow typography, ensuring better readability. High-quality graphics and icons are thoughtfully placed to enhance the content without adding visual clutter.
\nSo, whether you’re navigating our API docs or configuring authentication into your system, our improved interface will make those extended development hours more comfortable and efficient.
\n![\"This](\"/e5358b82be414940f3fb146013845933/capabilities.webp\")
We’ve restructured our website to provide a straightforward breakdown of our customer identity and access management platform capabilities, helping you quickly find what you need:
\nThis structured layout ensures you can quickly understand each capability and how it integrates into your identity ecosystem.
\n![\"This](\"/a8c155c2b6faf3d5f4b4de4e2b14d763/developers-menu.webp\")
We’ve been analyzing developer workflows to identify how you access key resources. That’s why we redesigned our navigation with one goal in mind: to reduce clicks and make essential resources readily available.
\nThe new LoginRadius structure puts APIs, SDKs, and integration guides right at the menu bar under the Developers dropdown so you can get started faster. Our Products, Solutions, and Customer Services are also clearly categorized, helping development teams quickly find the right tools and make informed decisions.
\n![\"This](\"/b2f9a964a2da0ea83e2f8596b833bba7/we-support-your-tech-stack.webp\")
Developers now have a clear view of the tech stack available with LoginRadius, designed to support diverse business needs.
\nOur platform offers pre-built SDKs for Node.js, Python, Java, and more, making CIAM integration seamless across popular programming languages and frameworks.
\nCheck out our revamped LoginRadius website and see how the improved experience makes it easier to build, scale, and secure your applications.
\nDo not forget to explore the improved navigation and API documentation, and get started with our free trial today. We’re excited to see what you’ll build with LoginRadius!
\n","frontmatter":{"date":"February 21, 2025","updated_date":null,"description":"LoginRadius’ vision is to give developers a product that simplifies identity management so they can focus on building, deploying, and scaling their applications. To enhance this experience, we’ve redesigned our website interface, making navigation more intuitive and reassuring that essential resources are easily accessible.","title":"Revamped & Ready: Introducing the New Developer-First LoginRadius Website","tags":["Developer tools","API","Identity Management","User Authentication"],"pinned":true,"coverImage":{"childImageSharp":{"fluid":{"aspectRatio":1.7857142857142858,"src":"/static/80b4e4fbe176a10a327d273504607f32/58556/hero-section.webp","srcSet":"/static/80b4e4fbe176a10a327d273504607f32/61e93/hero-section.webp 200w,\n/static/80b4e4fbe176a10a327d273504607f32/1f5c5/hero-section.webp 400w,\n/static/80b4e4fbe176a10a327d273504607f32/58556/hero-section.webp 800w,\n/static/80b4e4fbe176a10a327d273504607f32/99238/hero-section.webp 1200w,\n/static/80b4e4fbe176a10a327d273504607f32/7c22d/hero-section.webp 1600w,\n/static/80b4e4fbe176a10a327d273504607f32/1258b/hero-section.webp 2732w","sizes":"(max-width: 800px) 100vw, 800px"}}},"author":{"id":"Rakesh Soni","github":"oyesoni","avatar":"rakesh-soni.webp"}}}},"pageContext":{"limit":6,"skip":450,"currentPage":76,"type":"///","numPages":164,"pinned":"ee8a4479-3471-53b1-bf62-d0d8dc3faaeb"}},"staticQueryHashes":["1171199041","1384082988","2100481360","23180105","528864852"]}