MatMoore/auth.md

Created August 18, 2025 10:34

Star (0) You must be signed in to star a gist
Fork (0) You must be signed in to fork a gist

Select an option

Learn more about clone URLs
Clone this repository at <script src="https://gist.github.com/MatMoore/e079ae9e2a896fe82a663c3234ee922b.js"></script>
Save MatMoore/e079ae9e2a896fe82a663c3234ee922b to your computer and use it in GitHub Desktop.

Download ZIP

Some authorization options for python

Raw

auth.md

Some authorization options for python apps

Django-specific

django.contrib.auth

Comes with ModelBackend - an authorization system based on permissions stored in the database. You need to assign to user or groups.

By default there are CRUD permissions created per model, which is very granular. You can also define custom permissions at a model level.

Pros:

No extra libraries

Cons:

Permissions are coupled to models, so permissions and assignments need to be migrated if you change how data is represented
Need something extra for object-level permissions, e.g. django-guardian
Programatically assigning permissions is a faff. Permissions get created in a post-migrate signal, so permission assignments must be done post-migrate as well.

Django rules

This is a neat way of defining policies in python code. Each rule is a function that returns true and false.

Pros:

Can be used to set up a simple RBAC system
Support object level rules as well, e.g. ownership rules

Flask-specific

flask-authorize

Database based Groups, Roles, Permissions

Extra infrastructure

Open policy agent

useful for microservice architectures where you want to share rules

Casbin

seems very complicated

Graph based

SpiceDB
Keto

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment