[recuter]

Depending on the complexity of the project it might take you just as long to read how a monolithic framework decided to tie everything together (warts and all, because that will inevitably have historical cruft and technical debt).

The extensions were mentioned; User logins for example are just a "pip install Flask-Login" and "from flaskext.login import whatever" away. I had reason to roll my own, ~100 simple lines that were easily plugged.

There are pros and cons, neither is "better", the right tradeoff depends on what you're making.

[anthonyb]

Well, except that the login process for Django has a lot more people looking at it, and you know that the parts are going to work together pretty well.

For example, Flask-Login (https://github.com/maxcountryman/flask-login/blob/master/fla...) imports md5 and sha1 - not a very good sign. How do I make it use something sane? Well, there's Flask-Bcrypt, which provides bcrypt hashing... except that it makes no mention of Flask-Login or how to integrate it. Flask-Login also doesn't mention Flask-Bcrypt.

So... you're back to hacking on or digging into Flask-Login to figure out how it works and making it use Bcrypt or some other hashing algorithm.

Wait - I just realised that Flask-Login doesn't handle storing user data or models, or checking passwords, just logging them in. So what do I need for that? Is that Flask-Principal? And just WTH is an IdentityContext, anyway?

  An IdentityContext is the context of a certain identity
  against a certain Permission. It can be used as a 
  context manager, or a decorator.

You see why people use Django now? :) Sometimes you just want the standard user-logging-in-and-storing-in-the-database without having to write it yourself.