My flask also book does this http://a.co/gwGvY3o
That may not be a problem for an experienced dev, but for a starter in web-dev I highly appreciate a library or framework that has built-in authentication because you do not want to fuck that up. Granted - you can also fuck it up with e.g. Django, but it is way harder.
If your goal is to understand web development then I would say that a micro-framework like Flask is better because you actually have to assemble all the pieces yourself. Moreover, if you're curious about how a given feature is implemented, extension source code is often very accessible. For example, all the business logic in Flask-Login is confined to one ~450 line Python file . Not bad!
But one the other hand, if you're trying to create a production-ready service, then Django/Rails probably have fewer risks since they require fewer decisions.
Lastly, the book had a very thorough treatment of authentication. I agree that this is a huge pitfall, and I think Miguel introduced and explained the problem extremely well.
But yes, definitely grab a third party extension for auth :)
Does the book have a lot of advantage over the tutorial?
The book is much more polished. You follow along with this repo . Every chapter you simply `$ git checkout chapter-n` and you're ready to go. It's amazing.