This part of the documentation documents all the public classes, functions, and API details in Flask-Stormpath. This documentation is auto generated, and is always a good up-to-date reference.


class flask.ext.stormpath.StormpathManager(app=None)[source]

This object is used to hold the settings used to communicate with Stormpath. Instances of StormpathManager are not bound to specific apps, so you can create one in the main body of your code and then bind it to your app in a factory function.


Lazily load the Stormpath Client object we need to access the raw Stormpath SDK.


Lazily load the Stormpath Application object we need to handle user authentication, etc.


Return the user’s Flask-Login login view, behind the scenes.

static load_user(account_href)[source]

Given an Account href (a valid Stormpath Account URL), return the associated User account object (or None).

Returns:The User object or None.


class flask.ext.stormpath.User(client, href=None, properties=None, query=None, expand=None)[source]

The base User object.

This can be used as described in the Stormpath Python SDK documentation: https://github.com/stormpath/stormpath-sdk-python


Return the unique user identifier (in our case, the Stormpath resource href).


A user account is active if, and only if, their account status is ‘ENABLED’.


We don’t support anonymous users, so this is always False.


All users will always be authenticated, so this will always return True.

classmethod from_login(login, password)[source]

Create a new User class given a login (email or username), and password.

If something goes wrong, this will raise an exception – most likely – a StormpathError (flask_stormpath.StormpathError).


flask.ext.stormpath.groups_required(groups, all=True)[source]

This decorator requires that a user be part of one or more Groups before they are granted access.

  • groups (list) –

    (required) A list of Groups to restrict access to. A group can be:

    • A Group object.
    • A Group name (as a string).
    • A Group href (as a string).
  • all (bool) – (optional) Should we ensure the user is a member of every group listed? Default: True. If this is set to False, we’ll let the user into the view if the user is part of at least one of the specified groups.


@groups_required(['admins', 'developers'])
def private_view():
    '''Only admins and developers will be able to visit this page.'''
    return 'hi!'

If you decorate a view with this, it will ensure that the current user is logged in and authenticated before calling the actual view. (If they are not, it calls the LoginManager.unauthorized callback.) For example:

def post():

If there are only certain times you need to require that your user is logged in, you can do so with:

if not current_user.is_authenticated:
    return current_app.login_manager.unauthorized()

...which is essentially the code that this function adds to your views.

It can be convenient to globally turn off authentication when unit testing. To enable this, if the application configuration variable LOGIN_DISABLED is set to True, this decorator will be ignored.

Parameters:func (function) – The view function to decorate.

Request Context


Acts as a proxy for a werkzeug local. Forwards all operations to a proxied object. The only operations not supported for forwarding are right handed operands and any kind of assignment.

Example usage:

from werkzeug.local import Local
l = Local()

# these are proxies
request = l('request')
user = l('user')

from werkzeug.local import LocalStack
_response_local = LocalStack()

# this is a proxy
response = _response_local()

Whenever something is bound to l.user / l.request the proxy objects will forward all operations. If no object is bound a RuntimeError will be raised.

To create proxies to Local or LocalStack objects, call the object as shown above. If you want to have a proxy to an object looked up by a function, you can (as of Werkzeug 0.6.1) pass a function to the LocalProxy constructor:

session = LocalProxy(lambda: get_current_request().session)

Changed in version 0.6.1: The class can be instanciated with a callable as well now.