I'm currently developing a bottle app on GAE, and it's already got its own home-made authentication system. However, I would also like to permit access to some areas to application admins using Google Accounts. I'm looking at the documentation, but I'm not quite following it.
On the development server, hiting any _ah link sends me straight to the desired page, but on GAE, it gives me bottle's own 404 page. Can you point me to the right page where I can get started with this (preferably not the official docs which I'm having hard time with)?
NOTE: Forgot to mention it's a Python version of GAE.
_ah will work only on the development server. It's a part of appengine sdk which emulates the GAE. Coming to your point. If you want to use the google's account for admin functionalities. Then you should do something like this
from google.appengine.api import users
if users.is_current_user_admin():
Here admin refers to the appengine admin. if you want to simply use the google authentication
then you should use users.get_current_user() to get the current logged in user and implement your own logic.
Related
I am developing an Android application with a GAE backend, for sessions etc.
I want to use Google Cloud Endpoint and develop an API with custom authentication user model. I dont want to use the google's oauth. I want to implement a simple email/pass user authentication model with a session based token. I have no experience on GAE whatsoever. I have worked in python and it's frameworks(django, flask, etc).
I have looked for a sample project of this kind for past week(with no luck).
Can someone please provide me with sample code/resource on how to implement such an endpoint with session management and csrf protection along with ssl?
Ps: If you think cloud endpoints is not a good approach for my application(server backend) then please direct me to a source that may aid me in creating my own RESTful api with JSON encoding + crsf-protection and session management.
I have already seen the following but none of them have a detailed solution:
Custom Authentication for Google Cloud Endpoints (instead of OAuth2)
Google App Engine: Endpoints authentication when custom auth or Open ID is used
AppEngine Cloud Endpoints and custom Users service
You're in for a ride. It's not a simple process, but I've managed to do just what you're looking for--albeit in a slightly hackish way.
First, there's a boilerplate project for GAE (in Python) that implements a custom email/pwd login system using webapp2's extras: http://appengine.beecoss.com/
It follows the guidelines for setting up custom authentication detailed in this blog post: http://blog.abahgat.com/2013/01/07/user-authentication-with-webapp2-on-google-app-engine/
This project will set things up so that your user will start a session upon login. Now, in order to access the user information on this session in your endpoints, you'll follow the instructions to that first StackOverflow link you posted.
The key, after following the previous steps, is to match the session key in your endpoints to the session key in the config file of the boilerplate code. Then, you'll be able to get which user made the request and follow through with the endpoint call if they're validated:
self.get_user_from_cookie()
if not self.user:
raise endpoints.UnauthorizedException('Invalid token.')
It is incredibly ridiculous that this is how it works for custom authentication, so if you're used to Django and would like to implement your app that way, DO IT. It was "too late to turn back now" for me, and I despise Google for only documenting authentication schemes that work for Google account holders only.
OP, just use Django on GAE and save yourself the frustration. I'm sure there's plenty of quick integration with mobile apps that the Django community can provide.
No one wants to force their app users to have Google accounts in order to log in, Google. Stop it.
I have a web application written in raw python and hosted on apache using mod_python. I am building another web application which is django based and will be hosted on same server using mod_wsgi.
Now, the scenerio is such that user will login from the web page which is using mod_python and a link will send him to my application which will be using mod_wsgi. My question is how can I maintain session? I need the same authentication to work for my application.
Thanks in advance.
If you're using django with mod_wsgi and a raw python page which only serve a link to django application, you don't need to maintain session on both page. When user click on first link and reach the django application, just check session there.
Django have session_db which use memcache. More information can be found here:
Django Sessions
SSO across web applications is poorly supported. One thing you can look at is:
http://www.openfusion.com.au/labs/mod_auth_tkt/
What you can do is really going to depend though on what authentication database you are currently using in the mod_python application and how you are remembering that someone is logged in. If you can provide that information, may be able to suggest other things.
Conceptually: store a cookie using your raw python web page that you process in a "welcome" view or custom middleware class in Django, and insert them into the sessions db. This is basically what hungnv suggests.
The most ridiculous way to do this would be to figure out how Django deals with sessions and session cookies, insert the correct row into Django's session database from your raw python app, and then custom-set the session cookie using Django's auth functions.
I've got an app currently running on Google App Engine that takes advantage of the close integration with Google Accounts to the extent that it was the only way users would sign in. The sign-in process was this:
User would click sign-in w/ Google Account link, which would just be the output of `users.create_login_url()`
User would sign-in on Google-themed page.
User would be signed-in
Now I'm moving away from App Engine to a host with vanilla Django. I'd like to replicate that login process as much as possible, I guess using OpenID (or OAuth? I'm not sure). I'm not sure exactly how to do so, though. Would I use Django's auth APIs and just use the user's Google Account data to sign them in?
I've followed the instructions here, and now have functional little demo where I get the user's Google Account address. But that really doesn't help me much.
Anyone have experience with this, or have an idea of how one would accomplish this?
Since you can't use the App Engine API to do so (and you probably don't want to write this OpenID auth system by yourself), you better make use of a django app to do so. Have a look at Django packages. I personally have good experience with django-socialregistration, though they provide Facebook/Twitter auth as well. There also OpenID only packages available.
I'm developing a django app that integrates with google apps. I'd like to let the users login with their google apps accounts (accounts in google hosted domains, not google accounts) so they can access their docs, calendar, and whatnot.
In order to do it, I downloaded and started using django_openid_auth (and thus, python-openid).
First, to test it, I used this url in my settings:
OPENID_SSO_SERVER_URL = 'https://www.google.com/accounts/o8/id'
And with that I managed to redirect the user to the google accounts page to login and then to return to my own domain, with the authentication cycle described by the google folks successfuly completed. However, to login to google accounts is of little use for me, as I'd like the users who have a google apps account in their hosted domain -but not a google account- to login with.
In order to do that, I read the google article on discovery " Discovering OpenID Endpoints for Hosted Domains", and changed the aforementioned setting to:
OPENID_SSO_SERVER_URL = 'https://www.google.com/accounts/o8/site-xrds?hd=<my-domain>.com'
-where, obviously, <my-domain> is my actual domain ;)
But the backend responded with the following message:
OpenID authentication failed: HTTP
Response status from identity URL host
is not 200. Got status 404
Debugging a little, I managed to find out that the code in python-openid (version 2.2.4) is the one that is misinterpreting the response from google, but I'm quite at loss here.
I have seen the authentication in my own domain work in socialwok.com and puffypoodles.com So I'm quite certain that the auth cycle for my google apps domain works, but somehow python-openid can't seem to complete it (though, and I reiterate, it works just fine with plain old google accounts).
Should I try to fix python-openid, or is there another way to fix this? Has anyone successfuly managed to login with google apps in a pure django app (not in google app engine)?
According to http://groups.google.com/group/google-federated-login-api/web/openid-discovery-for-hosted-domains, Google changed the way of IdP Discovery and user XRDS check a little bit to give Google Apps users openid in http://example.com/openid?id=108441225163454056756 kind of format without asking the users to build their own openid servers. For small companies, people can get their openid under their domain with as few as just a domain name if they use Google Apps.
This might be a good approach because people could use their Google Apps Account for the authentication, and they can still give out openids under their own domain which they could change the authentication backend for in the future. It is simple and extendable, but sadly it hasn't became the standard yet. So, if you use standard library like python-openid, you will encounter some problems.
To solve those problems, you have to patch python-openid yourself to follow Google's approach.
I ran into the same problem before and I have a patched version of python-openid v2.1.1 which works for me.
If you need, I could post my code after some cleanup. It was a quick patch, so don't expect too much :)
I think you can give a try http://github.com/hudora/django-googleappsauth
but I found some bugs trying to fix them and translating comments
I'm developing on the Google App Engine and I would like to integrate Facebook Connect into my site as a means for registering and authenticating. In the past, I relied on Google's Accounts API for user registration. I'm trying to use Google's webapp framework instead of Django but it seems that all the resources regarding Facebook connect and GAE are very Django oriented. I have tried messing around with pyfacebook and miniFB found here at the Facebook docs but I haven't been able to make things work with the webapp framework. I'm having trouble seeing the big picture as far as how I can make this work. What advice can you give me on how to make this work or what I should be considering instead? Should I be focusing on using Javascript instead of client libraries?
Account Linking
How to write a good connect app
It's not Facebook Connect, really, but at least it's webapp FBML handling:
http://github.com/WorldMaker/pyfacebook/.../facebook/webappfb.py
This guy made a post about Facebook Connect on Google AppEngine via webapp framework. (It's stickied in the Connect Authentication forum, with 8515 views.)
Here's an example from May 15: http://myzope.kedai.com.my/blogs/kedai/236
It's based on the Guestbook example webapp, but with Facebook for authentication instead. The author does note that, "there's code duplication (when instantiating pyfacebook) in different classes," and that there should be a better way to do this.
Django sounds like it's better integrated. There's a presentation from 4 months ago on Slideshare called Where Facebook Connects Google App Engine (Robert Mao's talk at Facebook Garage Ireland). It looks like an interesting talk, though no videos of it have been posted at the moment. On slide 13, the following tools are mentioned, including Django: Google App Engine SDK, Eclipse, PyDev, Django, App Engine Patch and pyFacebook. Sample application given: http://github.com/mave99a/fb-guinness/
If you merely want authentication, this Recipe suggests using RPXnow.com for Google, AOL, Yahoo, MySpace, Facebook and OpenID logins with the Webapp Framework. Might be helpful, though doesn't appear at first glance to use Connect, is a contributed howto article on GAE's site for creating a Facebook App with Best Buy Remix.
Most of Facebook Connect (as it was formerly called, now it's "Facebook for Websites") is Javascript. The only serverside thing you really need (assuming you want to integrate it into your own usersystem) is validation of the user's Facebook login. Either minifb or pyfacebook should accomplish this task.
This tutorial might be useful:
http://dollarmani-facebook.blogspot.com/2008/09/facebook-applications.html