Not using Flask, but I've been using Django as backend for various iOS apps over the years. My recipe is just a REST API library + Django OAuth2 Provider. I imagine if I were to use Flask, I'll do the same thing: implementing the REST API and gate it using OAuth2. Plenty of library in iOS side that make hooking up with OAuth2 relatively easy.