We’ve all experienced a time when we thought we were logged into a site and tried to access a protected page. Some sites handle this better than others, by letting the user know that the requested page is only for authenticated users.

When our user tries to access protected pages without logging in or encounters an error upon login, its best we communicate this somehow to the user.

We can catch authorization issues by adding a new route or endpoint with the @login_manager.unauthorized_handler decorator:

@login_manager.unauthorized_handler
def unauthorized():
  # do stuff
  return "Sorry you must be logged in to view this page"

• the @login_manager.unauthorized_handler decorator ensures that any time there is an authorization issue, the unauthorized() route is called
• the message in the return statement is HTML that is served to non-authenticated users. We can replace this with a template that users who fail to login see.