I have been working for a while, trying to install SimpleAuth on Google App Engine and I am running in to trouble. First off in the bottom of the sample code they have this:
def _get_consumer_info_for(self, provider):
"""Should return a tuple (key, secret) for auth init requests.
For OAuth 2.0 you should also return a scope, e.g.
('my app id', 'my app secret', 'email,user_about_me')
The scope depends solely on the provider.
See example/secrets.py.template
"""
return secrets.AUTH_CONFIG[provider]
and I don't see the secrets file anywhere nor what it is supposed to do.
Then in addition to that small problem I am curious how I am supposed to render the providers and their login URLs to the user. This page: https://github.com/crhym3/simpleauth/blob/master/example/handlers.py has a great description of the general setup but it doesn't have any description of what we actually need to pass to the user to let them login.
Thanks!
First off, please take into account that it's just an example, so some code parts were simplified for the demo purposes.
secrets is a separate module. The README file says to copy secrets.py.template into secrets.py and set proper client/consumer ids and secrets. Again, see README for info on where to get client/secrets for different providers.
The rendering is up to you. What I did as an example is this:
<p>Try logging in with one of these:</p>
Google
Facebook
Yahoo! (OpenID)
Twitter
LinkedIn
Windows Live
Those /auth/... links should get routed to your handler (normally webapp2.RequestHandler or some subclass) that's mixed in with SimpleAuthHandler.
You can see the example app live at https://simpleauth.appspot.com, hopefully it'll clarify things.
Related
I am attempting to retrieve and add function/host keys for an Azure Government function app via Python. I am currently working with the information from this question and the corresponding API page. While these are not specific to Azure Government, I would think the process would be similar after updating the URLs to the Azure Government versions. However, I am receiving the error "No route registered for '/api/functions/admin/token'" when running the jwt part of the given code. Is this approach feasible for what I am trying to do?
I also found somewhere that I instead might want to try a GET request like this:
resp = requests.get("https://management.usgovcloudapi.net/subscriptions/<subscription-id>/resourceGroups/<resource-group-name>/providers/Microsoft.Web/sites/<function-app-name>/functions/admin/masterkey?api-version=20XX-XX-XX", headers={"Authorization": f"Bearer {something}"})
This gives me the error "{"error":{"code":"InvalidAuthenticationToken","message":"The access token is invalid."}}", though. If this is indeed the correct approach, then what format should the Bearer token take?
Bit late answering but it may be useful for someone else in the future, it took me a while to find out how to do this.
If you want to retrieve the keys of a specific function within a function app then you can use list_function_keys() function from the Python SDK
Working with the Az management API directly may be a bit annoying and since the Azure CLI is written in Python whatever operation you do with the CLI you can do it directly in a Python script.
Here's an example of how you can retrieve the keys
from azure.identity import DefaultAzureCredential
from azure.mgmt.web import WebSiteManagementClient
# Your subscription ID
SUB_ID = "00000000-0000-0000-0000-000000000000"
fn_name = "some_function" # Name of your function
app_name = "some_app" # Name of your site/function app
rg_name = "some_rg" # Resource group name to which the function belongs
web_client = WebSiteManagementClient(subscription_id=SUB_ID, credential=DefaultAzureCredential())
keys = web_client.web_apps.list_function_keys(rg_name, app_name, fn_name)
# Your keys will be accessible in the additional_properties param
print(keys.additional_properties)
Hope it helps! I'm new on Azure so if I'm doing something wrong, please don't hesitate to point out my mistake and share your correction
I'm trying to create a very simple Facebook app (using the Python SDK) that does nothing more than post to its own page. The eventual app will make one post per day, and that's all it will do. (Please note that I am a novice programmer, and this is in part a learning exercise for me.)
My initial test code looks like this, and it successfully posts to the page:
import facebook
token = 'XXXXX'
graph = facebook.GraphAPI(access_token = token,
version = "2.1")
graph.put_object(parent_object='me',
connection_name='feed',
message='Test post to page')
The catch is that it only works if I plug in a value for token that is a valid page access token. For testing, I can get one from the Graph API Explorer, but obviously I'd like my app to be able to get one each time it runs, using its own credentials (e.g. app ID and app secret).
I have been searching for a way to do this with the Python SDK, but I have had no luck finding out how, in part because most apps are much more complicated (involving user logins and so forth). I don't see Is there a simple way to do this, or is the problem more complicated than I think it is?
There is no way to auto-generate a Page Token, but you can use an Extended Page Token - it is valid forever.
More information:
https://developers.facebook.com/docs/facebook-login/access-tokens/expiration-and-extension
http://www.devils-heaven.com/facebook-access-tokens/
Token debugger: https://developers.facebook.com/tools/debug/accesstoken/
I want to search through public playlists and get the tracks. So far I have code which can get the names of the playlists but not the tracks:
import spotipy
import sys
sp = spotipy.Spotify()
if len(sys.argv) > 1:
artist_name = ' '.join(sys.argv[1:])
results = sp.search(q=artist_name, limit=20, type='playlist')
for i, t in enumerate(results['playlists']['items']):
print(i,' ', t['name'])
This will print a list of the first 20 public playlists names given the search condition. What I want is to also print the tracks in each playlist! I thought this would be simple, but after searching it seems like the only way is to via authentication, which I do not want. These tracks are public, so why would I need to authenticate to list the tracks?! There are two reasons I think this. 1) if I add (in the loop):
print t['tracks']
the request response says "This request requires authentication". Additionally, I found this example on the spotipy documentation which is exactly what I want, but only for authenticated users. https://github.com/plamere/spotipy/blob/dd021c4087981b583ef0f2b276cd43bbc6fd429f/examples/user_playlists_contents.py
So, is there any way to view the tracks without authenticating as the owner of that playlist? Opening the desktop Spotify app can quickly show anyone that public playlist tracks are completely searchable and viewable so it must be possible.
I apologize if this is an extremely specific question -- but I'm not sure where else to ask seeing as this is my first time with this API or with an API like this at all. I have done quite a bit of research on this topic and now have resigned to asking for help.
This is a typical OAuth confusion. There are potentially three parties involved here.
Your application (that tiny little python snippet above)
Spotify Web API
A Spotify user
If your app wanted to find and delete a Spotify user's playlists that begin with X, the Spotify Web API would demand that your app first nicely ask the user for permission to do that. Feels natural...
In this scenario, your app Playlist X Deleter first has to authenticate to prove that it actually is Playlist X Deleter. The user then needs to authenticate with Spotify to prove that it actually is the user the Playlist X Deleter wanted to delete playlists for. Then, the user who we now know who it is needs to authorize Playlist X Deleter that we now know who it is to delete playlists.
So, you have an app that authenticates and a user who authenticates.
For information that is public, there is no obvious reason why a user needs to authenticate. There is also no obvious reason why an app needs to authenticate. However, Spotify has decided that the app must authenticate to get public playlist information. Maybe so it can disable bad users who spiders too much playlist data or otherwise abuse the api.
In this case, since there are no private playlists involved, and only read rights, no user needs to authorize anything. In the OAuth world, this is called client credentials flow https://www.rfc-editor.org/rfc/rfc6749#section-4.4
Go to the developer console and create an application to get a client_id and client_secret:
https://developer.spotify.com/my-applications/#!/applications/create
Then follow:
https://developer.spotify.com/web-api/authorization-guide/#client_credentials_flow
or in your case, supply the client_id and client_secret to spotipy through the SpotifyClientCredentials
doc: http://spotipy.readthedocs.io/en/latest/#spotipy.oauth2.SpotifyClientCredentials
example snippet (that doesn't fill in anything though): https://github.com/plamere/spotipy/blob/master/examples/client_credentials_flow.py
I'm developing a Google App Engine-app where one can fill out an online-form and based on how you fill it out a calendar post in a specific Google Calendar is created. What I'm wondering about is authorization in this type of situation where I want this form to be 100% publicly available and require no login whatsover to create the calendar post.
Using OAuth2 I have gotten the actual form and post-creation to work as I want but only when I'm signed in.
This is what I'm doing now, I have:
One registered app, let's call it form-app(.appspot.com)
One Google account, let's call it form-app-admin(#gmail.com) This account owns the Google Calendar that the posts are going in.
One API Project owned by form-app-admin
I have used these and the google-api-python-client library (with its oauth2decorator) as in the Google App Engine-example so when I'm logged in as form-app-admin and surf onto form-app.appspot.com everything works exactly as I want it to but if I am not logged in as form-app-admin, naturally, it doesn't.
So what I would like to do is to kind of grant this permission to write to form-app-admin's primary calendar to the actual app rather than the user currently using the app. Or is there a better way?
The only premises is that anyone (logged into gmail or not) should be able to fill out the form and thus creating a post in some google calendar.
Naturally I would be very thankful if anyone happened to have the appropriate python code to achieve this but primarily I want help figuring out how to go about this since I have very little experience with auth-related stuff.
Thank you for your time!
/Tottish
What you want is the App Identity API. That page shows examples of how to use the API to assert identity to Google APIs.
I'd like to be able to use the Google Data API from an AppEngine application to update a calendar while not logged in as the calendar's owner or the a user that the calendar is shared with. This is in contrast to the examples here:
http://code.google.com/appengine/articles/more_google_data.html
The login and password for the calendar's owner could be embedded in the application. Is there any way to accomplish the necessary authentication?
It should be possible using OAuth, i havent used it myself but my understanding is the user logs in and then gives your app permission to access their private data (e.g. Calendar records). Once they have authorised your app you will be able to access their data without them logging in.
Here is an article explaining oauth and the google data api.
http://code.google.com/apis/gdata/articles/oauth.html
It's possible to use ClientLogin as described here:
http://code.google.com/apis/accounts/docs/AuthForInstalledApps.html#Response
Note the section at the bottom of the document that mentions handling a CAPTCHA challenge.
There's example code included in the gdata python client in
samples/calendar/calendarExample.py
You need to call run_on_app_engine with the right arguments to make this work as described in the Appendix here:
http://code.google.com/appengine/articles/gdata.html
Note that the same document recommends against using ClientLogin for web apps. Using OAuth or AuthSub is the correct solution, but this is simpler and good enough for testing.