I was totally confused over how to use flask-security, and researching that made me super confused about sessions vs. cookies vs. tokens, and researching that brought me to the topic of the model-view-controller (MVC). Long story short, I found a pretty good video that introduces the paradigm:
After watching it, I realised I could reduce my code by maybe 90% if I abstracted away huge repetitive bunches of it. I knew this in the back of my mind before but was too caught up learning the basic basics to think about it clearly. Anyway, after watching a few more videos, I think this is one of the better introductions. It provides a brief enough history that segues smoothly into contemporary practice.
I'm still completely baffled with flask-security and slightly more clear about sessions-cookies-tokens. RTFM not working, especially for flask-security.