In my application, users sign in/sign out via openid ( same as stackoverflow ).
I would like to open up my application a bit via oauth to third party applications.
How do I create my app which is openid-consumer to make it oauth-provider?
Is there some standard library etc out there? I am basically working in app engine and python.
edit :
Maybe I did not clearly state my problem. I am using OpenID for authentication. So I do not have user passwords, just their unique federated Identity. My application needs to use third party application. I.e. kind of application that runs inside orkut and facebook. (Do you think opensocial is a a viable option instead of OAuth??)
OAuth python libraries are listed on this page:
http://oauth.net/code/
OAth and OpenID are had native support by app engine sinve 1.3.4. So you can implement transparent and solid authorization/authentication mechanism.
Related
I have a python/Flask application, on our intranet, and I want people to authenticate to it using their Azure AD credentials. Pretty much every hit on Google/Bing/etc is about how to use AD to authenticate so you can subsequently use Microsoft APIs, such as Graph or Data Lake, or they are for .NET applications, or they are for stuff running on the Azure cloud.
The closest I've come to what I need is https://github.com/cicorias/python-flask-aad-v2, and the instructions refer to some older version of Azure. It would also be nice if I could specify whether an authenticated user should have access to this app, but I can live without it and simply have a list of allowed IDs in the app's back-end.
This cannot be that hard; I've done this in the past for both GCP and AWS, but I've hit the proverbial brick wall when it came to Azure. While this is not my first overall rodeo, it is my first Azure/AD rodeo, so to speak. I'm sure that part of my problem is that, being an Azure noob, I may not even be using the right search keywords.
Help?
Do not think in terms of the providers but in terms of the Authentication standards. Since you have integrated Google Login in your app in the past then you must have used something called OAuth as the auth standard. Azure AD also supports OAuth. You can use a python package called flask-azure-oauth to integrate it in your flask app.
You can refer to below code samples available in Microsoft Identity Platform documentation (https://learn.microsoft.com/en-us/azure/active-directory/develop/sample-v2-code#web-applications)
Sign in users - https://github.com/Azure-Samples/ms-identity-python-flask-tutorial
Sign in users and call Microsoft Graph - https://github.com/Azure-Samples/ms-identity-python-webapp
These links are for Python (Flask). You can get code samples for other languages or scenario from Microsoft Identity Platform documentation (https://learn.microsoft.com/en-us/azure/active-directory/develop/sample-v2-code#web-applications)
I am just learning python and django and I put up a pretty decent website to manage a database and also a search page. The new requirement that I am a bit confused now is that the authentication should be done through an external provider (unknown yet, but probably LDAP or Kerberos Tickets).
My idea was to authenticate the users through this service and if successful add the user to my django created database with syncdb (where I have permissions and groups) and then bypass this user as authenticated to enable them to perform actions in the site.
Does that sound reasonable? Is there an 'accepted' approach to this kind of authentication? I am not sure if I will have to write my own authentication view.
Thanks.
Django has support for hooking up other authentication backends.
I believe that you will have to write your own authentication backend or use a third party backend if you are authenticating through some common interface such as LDAP.
The docs explain how to write an authentication backend here: https://docs.djangoproject.com/en/1.5/topics/auth/customizing/
If you plan on using LDAP, I suggest that you take a look at django-auth-ldap (https://pypi.python.org/pypi/django-auth-ldap).
This sounds quite reasonable. There are several ways to achieve this: use a third party library like django-social-auth which handles using third party applications to authenticate users via the Django user model. The other way to do this is to write your own custom backend that uses OAuth2 protocol to authenticate users via a third party application (e.g. Twitter) and saves/authorizes them as a Django user for your application. This might sound difficult but it's quite easy. I wrote an example Django application to demonstrate this functionality as well as provide a tutorial for custom backend authentication. This app/tutorial uses Django 1.5: djangoauth.thecloutenproject.com/
I've got an app currently running on Google App Engine that takes advantage of the close integration with Google Accounts to the extent that it was the only way users would sign in. The sign-in process was this:
User would click sign-in w/ Google Account link, which would just be the output of `users.create_login_url()`
User would sign-in on Google-themed page.
User would be signed-in
Now I'm moving away from App Engine to a host with vanilla Django. I'd like to replicate that login process as much as possible, I guess using OpenID (or OAuth? I'm not sure). I'm not sure exactly how to do so, though. Would I use Django's auth APIs and just use the user's Google Account data to sign them in?
I've followed the instructions here, and now have functional little demo where I get the user's Google Account address. But that really doesn't help me much.
Anyone have experience with this, or have an idea of how one would accomplish this?
Since you can't use the App Engine API to do so (and you probably don't want to write this OpenID auth system by yourself), you better make use of a django app to do so. Have a look at Django packages. I personally have good experience with django-socialregistration, though they provide Facebook/Twitter auth as well. There also OpenID only packages available.
Do anyone know if there are alternatives of Django-SocialAuth which support Google, Facebook, Twitter and OpenID account.
I prefer webapp version instead of Django.
Or if you have done once would you mind sharing it?
Thanks in million.
try checking out http://code.google.com/p/gaema/
from the gaema introduction,
gaema is a library that provides
various authentication systems for
Google App Engine. It is basically the
tornado.auth module extracted to work
on App Engine and independently of any
framework.
It supports login using:
OpenId
OAuth
Google Accounts
Facebook
FriendFeed Twitter
You can use one, all or a mix of these
auth methods. This is done with
minimal overhead: gaema is small and
doesn't have any dependencies, thanks
to the awesome work done by the
Tornado crew.
gaema only authenticates an user, and
doesn't provide persistence such as
sessions or secure cookies to keep the
user logged in. Because each framework
do these things in a different way, it
is up to the framework to implement
these mechanisms.
You can get gaema from
http://pypi.python.org/pypi/gaema.
I'm developing on the Google App Engine and I would like to integrate Facebook Connect into my site as a means for registering and authenticating. In the past, I relied on Google's Accounts API for user registration. I'm trying to use Google's webapp framework instead of Django but it seems that all the resources regarding Facebook connect and GAE are very Django oriented. I have tried messing around with pyfacebook and miniFB found here at the Facebook docs but I haven't been able to make things work with the webapp framework. I'm having trouble seeing the big picture as far as how I can make this work. What advice can you give me on how to make this work or what I should be considering instead? Should I be focusing on using Javascript instead of client libraries?
Account Linking
How to write a good connect app
It's not Facebook Connect, really, but at least it's webapp FBML handling:
http://github.com/WorldMaker/pyfacebook/.../facebook/webappfb.py
This guy made a post about Facebook Connect on Google AppEngine via webapp framework. (It's stickied in the Connect Authentication forum, with 8515 views.)
Here's an example from May 15: http://myzope.kedai.com.my/blogs/kedai/236
It's based on the Guestbook example webapp, but with Facebook for authentication instead. The author does note that, "there's code duplication (when instantiating pyfacebook) in different classes," and that there should be a better way to do this.
Django sounds like it's better integrated. There's a presentation from 4 months ago on Slideshare called Where Facebook Connects Google App Engine (Robert Mao's talk at Facebook Garage Ireland). It looks like an interesting talk, though no videos of it have been posted at the moment. On slide 13, the following tools are mentioned, including Django: Google App Engine SDK, Eclipse, PyDev, Django, App Engine Patch and pyFacebook. Sample application given: http://github.com/mave99a/fb-guinness/
If you merely want authentication, this Recipe suggests using RPXnow.com for Google, AOL, Yahoo, MySpace, Facebook and OpenID logins with the Webapp Framework. Might be helpful, though doesn't appear at first glance to use Connect, is a contributed howto article on GAE's site for creating a Facebook App with Best Buy Remix.
Most of Facebook Connect (as it was formerly called, now it's "Facebook for Websites") is Javascript. The only serverside thing you really need (assuming you want to integrate it into your own usersystem) is validation of the user's Facebook login. Either minifb or pyfacebook should accomplish this task.
This tutorial might be useful:
http://dollarmani-facebook.blogspot.com/2008/09/facebook-applications.html