Managing access rights of REST endpoints in backend server using Flask-Login

I have a Python Flask application in which I use Flask-Login to manage the access rights of the REST endpoints of the backend server. This worked quite well with a naive user-database using SQLAlchemy. However, adjusting Flask-Login to work with Kratos turned out to be trickier than I initially expected.

Specifically, Flask-Login requires implementing a user_loader callback. That should return a user object of a class that implements a certain interface. Instead of loading the user object from the database using SQLAlchemy, I tried to convert the response of the WhoAmI API call to an object of the requested class, but now it seems this callback is not even called. It could be related to session management of Flask behind the scenes, but I’m not sure.

A few questions:

  1. Does anyone have experience with this and can offer some guidance?
  2. Is Flask-Login the way to go, or should I manage the access rights of the REST endpoints using a different approach?

Unfortunately I do not, but maybe someone else can help 🙂
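
An added example, not part of the thread and not code from Flask-Login or Ory: Flask-Login only invokes `user_loader` when the Flask session already holds a user id stored by `login_user()`, so a Kratos-issued cookie is better handled by a `request_loader` that validates it against `/sessions/whoami` on each request. `KRATOS_PUBLIC_URL`, the `KratosUser` class and the helper names are assumptions.

```python
import json
import urllib.request

KRATOS_PUBLIC_URL = "http://127.0.0.1:4433"  # assumption: Kratos public API address
SESSION_COOKIE = "ory_kratos_session"        # Kratos' default session cookie name


class KratosUser:
    """User object exposing the four members Flask-Login expects."""
    is_authenticated = is_active = True  # only built from an active Kratos session
    is_anonymous = False

    def __init__(self, identity):
        self.identity_id = identity["id"]
        self.traits = identity.get("traits", {})

    def get_id(self):
        return self.identity_id


def kratos_whoami(cookie_value):
    """Return the Kratos session as a dict, or None on 401/transport/parse errors."""
    req = urllib.request.Request(
        KRATOS_PUBLIC_URL + "/sessions/whoami",
        headers={"Cookie": f"{SESSION_COOKIE}={cookie_value}"},
    )
    try:
        with urllib.request.urlopen(req, timeout=3) as resp:
            return json.load(resp)
    except (OSError, ValueError):  # HTTPError/URLError/timeouts, bad header or JSON
        return None                # fail closed: request stays anonymous


def load_user_from_request(request, whoami=kratos_whoami):
    """Flask-Login request_loader: runs when the Flask session holds no user id."""
    cookie = request.cookies.get(SESSION_COOKIE)
    session = whoami(cookie) if cookie else None
    if not isinstance(session, dict) or session.get("active") is not True:
        return None
    identity = session.get("identity")
    if not isinstance(identity, dict) or not identity.get("id"):
        return None
    return KratosUser(identity)


def init_login(app):
    # Imported here so the loader above can be unit-tested without Flask installed.
    from flask_login import LoginManager
    LoginManager(app).request_loader(load_user_from_request)
```

After `init_login(app)`, endpoints decorated with `@login_required` return 401 unless Kratos confirms the session, and `current_user.traits` carries the identity traits.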