Google App Engine, Python: Google, Facebook, Twitter, OpenID account - python

Does anyone know if there are alternatives to Django-SocialAuth which support Google, Facebook, Twitter and OpenID accounts?
I prefer a webapp version instead of Django.
Or if you have done this once, would you mind sharing it?
Thanks a million.

Try checking out http://code.google.com/p/gaema/
From the gaema introduction:
gaema is a library that provides various authentication systems for Google App Engine. It is basically the tornado.auth module extracted to work on App Engine and independently of any framework.
It supports login using:
OpenId
OAuth
Google Accounts
Facebook
FriendFeed
Twitter
You can use one, all or a mix of these auth methods. This is done with minimal overhead: gaema is small and doesn't have any dependencies, thanks to the awesome work done by the Tornado crew.
gaema only authenticates a user, and doesn't provide persistence such as sessions or secure cookies to keep the user logged in. Because each framework does these things in a different way, it is up to the framework to implement these mechanisms.
You can get gaema from http://pypi.python.org/pypi/gaema.

Related

Custom Authentication (User Model) for Cloud Endpoints-Python

I am developing an Android application with a GAE backend, for sessions etc.
I want to use Google Cloud Endpoints and develop an API with a custom authentication user model. I don't want to use Google's OAuth. I want to implement a simple email/pass user authentication model with a session-based token. I have no experience with GAE whatsoever. I have worked in Python and its frameworks (Django, Flask, etc.).
I have looked for a sample project of this kind for the past week (with no luck).
Can someone please provide me with sample code/resource on how to implement such an endpoint with session management and csrf protection along with ssl?
PS: If you think cloud endpoints is not a good approach for my application (server backend) then please direct me to a source that may aid me in creating my own RESTful API with JSON encoding + csrf-protection and session management.
I have already seen the following but none of them have a detailed solution:
Custom Authentication for Google Cloud Endpoints (instead of OAuth2)
Google App Engine: Endpoints authentication when custom auth or Open ID is used
AppEngine Cloud Endpoints and custom Users service
You're in for a ride. It's not a simple process, but I've managed to do just what you're looking for--albeit in a slightly hackish way.
First, there's a boilerplate project for GAE (in Python) that implements a custom email/pwd login system using webapp2's extras: http://appengine.beecoss.com/
It follows the guidelines for setting up custom authentication detailed in this blog post: http://blog.abahgat.com/2013/01/07/user-authentication-with-webapp2-on-google-app-engine/
This project will set things up so that your user will start a session upon login. Now, in order to access the user information on this session in your endpoints, you'll follow the instructions to that first StackOverflow link you posted.
The key, after following the previous steps, is to match the session key in your endpoints to the session key in the config file of the boilerplate code. Then, you'll be able to get which user made the request and follow through with the endpoint call if they're validated:
    self.get_user_from_cookie()
    if not self.user:
        raise endpoints.UnauthorizedException('Invalid token.')
It is incredibly ridiculous that this is how it works for custom authentication, so if you're used to Django and would like to implement your app that way, DO IT. It was "too late to turn back now" for me, and I despise Google for only documenting authentication schemes that work for Google account holders only.
OP, just use Django on GAE and save yourself the frustration. I'm sure there's plenty of quick integration with mobile apps that the Django community can provide.
No one wants to force their app users to have Google accounts in order to log in, Google. Stop it.
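
Why the session key has to match on both sides, as an added example that is not code from the answer or from the boilerplate project: a simplified HMAC-signed session cookie (not webapp2's actual cookie format) that only verifies when the endpoint uses the same secret as the login app. The function names, the `Unauthorized` class and the key values are assumptions made for illustration.

```python
import base64, hashlib, hmac, json, time

class Unauthorized(Exception):
    """Stand-in for endpoints.UnauthorizedException so the example runs offline."""

def _sign(secret_key, *parts):
    msg = "|".join(parts).encode()
    return hmac.new(secret_key.encode(), msg, hashlib.sha256).hexdigest()

def make_cookie(name, session, secret_key, now=None):
    """Login side: serialize a session dict as value|timestamp|signature."""
    value = base64.urlsafe_b64encode(json.dumps(session).encode()).decode()
    ts = str(int(time.time() if now is None else now))
    return "|".join([value, ts, _sign(secret_key, name, value, ts)])

def read_cookie(name, cookie, secret_key, max_age=3600, now=None):
    """API side: return the session dict, or None if forged, expired or malformed."""
    parts = (cookie or "").split("|")
    if len(parts) != 3:
        return None
    value, ts, sig = parts
    expected = _sign(secret_key, name, value, ts)
    if not hmac.compare_digest(sig.encode(), expected.encode()):
        return None  # wrong key, or tampered value/timestamp/cookie name
    now = time.time() if now is None else now
    if now - int(ts) > max_age:
        return None  # signature is valid but the session is too old
    try:
        return json.loads(base64.urlsafe_b64decode(value))
    except ValueError:
        return None

def require_user(cookie, secret_key, now=None):
    """Mirror of the check in the answer: reject the call when no user is found."""
    session = read_cookie("session", cookie, secret_key, now=now)
    if not session or "user_id" not in session:
        raise Unauthorized("Invalid token.")
    return session["user_id"]

if __name__ == "__main__":
    LOGIN_KEY = "constructed-secret-A"      # constructed value, login app config
    cookie = make_cookie("session", {"user_id": 42}, LOGIN_KEY)
    print(require_user(cookie, LOGIN_KEY))  # same key on the API side: accepted
    try:
        require_user(cookie, "constructed-secret-B")  # mismatched key
    except Unauthorized as exc:
        print("rejected:", exc)
```

Because the signature covers the cookie name, value and timestamp, a cookie issued under another name or with an edited payload fails the same check as one signed with the wrong key.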

How can I use a mix of Appengine's OpenID and facebook OAuth for authentication on AppEngine?

Appengine supports federated login in which arbitrary OpenID providers can be added to the list of parties who can authenticate a user. However, some organizations - notably facebook - don't support OpenID. How is it possible to combine the OpenID support provided with GAE with mechanisms that can support OAuth or other login mechanisms?
More details (GAE Python assumed)...
My understanding of the way the OpenID mechanism is intended to work is as follows:
I choose Federated Login from my app's configuration options
This allows me to easily add OpenID providers through the create_login_url mechanism
There is some Google session management used to track the authenticated user
I control access to resources using login: required in my app.yaml
The session management will check if the user is authenticated before allowing access to these resources
The issue that I have is that I can't see how this approach fits with facebook's OAuth - if the resources are access controlled by Google (per app.yaml), where is it possible to insert facebook authentication?
Notes:
I know that OpenID and OAuth are different - I am only interested in using facebook for authentication right now
I'm sure there are quite a few different ways to deal with this - I'm just wondering if there is some standard approach/best practice
I've done a little bit of digging on this and my conclusion is that it is not possible to integrate the standard Appengine authentication mechanisms (i.e. those provided 'for free' with Appengine) with facebook's OAuth. More specifically, the app.yaml login controls can only relate to Google's standard mechanisms and there is no way to extend them to incorporate facebook OAuth. The reason for this is that Google's standard mechanisms control the sessions and there is no mechanism to add new session controls which are recognized by the app.yaml login controls.
It is, of course, possible to integrate Google Accounts and other login mechanisms with facebook's OAuth on Appengine, but to do this you need to replicate some of the functionality that Google provide in their standard authentication mechanisms (session mgmt specifically).
I've put up a more general question comparing the different social authentication options possible with Appengine as I think it's interesting/useful, but slightly out of scope in this question: it's here
You could have a look at the Tipfy framework which has a Facebook authentication extension that would allow your users to use their Facebook login to authenticate.

Migrating away from App Engine but still keeping tight Google Account integration

I've got an app currently running on Google App Engine that takes advantage of the close integration with Google Accounts to the extent that it was the only way users would sign in. The sign-in process was this:
User would click sign-in w/ Google Account link, which would just be the output of `users.create_login_url()`
User would sign-in on Google-themed page.
User would be signed-in
Now I'm moving away from App Engine to a host with vanilla Django. I'd like to replicate that login process as much as possible, I guess using OpenID (or OAuth? I'm not sure). I'm not sure exactly how to do so, though. Would I use Django's auth APIs and just use the user's Google Account data to sign them in?
I've followed the instructions here, and now have functional little demo where I get the user's Google Account address. But that really doesn't help me much.
Anyone have experience with this, or have an idea of how one would accomplish this?
Since you can't use the App Engine API to do so (and you probably don't want to write this OpenID auth system by yourself), you'd better make use of a Django app to do so. Have a look at Django packages. I personally have good experience with django-socialregistration, though they provide Facebook/Twitter auth as well. There are also OpenID-only packages available.

Google apps login in django

I'm developing a django app that integrates with google apps. I'd like to let the users login with their google apps accounts (accounts in google hosted domains, not google accounts) so they can access their docs, calendar, and whatnot.
In order to do it, I downloaded and started using django_openid_auth (and thus, python-openid).
First, to test it, I used this url in my settings:
OPENID_SSO_SERVER_URL = 'https://www.google.com/accounts/o8/id'
And with that I managed to redirect the user to the google accounts page to login and then to return to my own domain, with the authentication cycle described by the google folks successfully completed. However, to login to google accounts is of little use for me, as I'd like the users who have a google apps account in their hosted domain -but not a google account- to login with.
In order to do that, I read the google article on discovery "Discovering OpenID Endpoints for Hosted Domains", and changed the aforementioned setting to:
OPENID_SSO_SERVER_URL = 'https://www.google.com/accounts/o8/site-xrds?hd=<my-domain>.com'
-where, obviously, <my-domain> is my actual domain ;)
But the backend responded with the following message:
OpenID authentication failed: HTTP Response status from identity URL host is not 200. Got status 404
Debugging a little, I managed to find out that the code in python-openid (version 2.2.4) is the one that is misinterpreting the response from google, but I'm quite at a loss here.
I have seen the authentication in my own domain work in socialwok.com and puffypoodles.com. So I'm quite certain that the auth cycle for my google apps domain works, but somehow python-openid can't seem to complete it (though, and I reiterate, it works just fine with plain old google accounts).
Should I try to fix python-openid, or is there another way to fix this? Has anyone successfully managed to login with google apps in a pure django app (not in google app engine)?
According to http://groups.google.com/group/google-federated-login-api/web/openid-discovery-for-hosted-domains, Google changed the way of IdP Discovery and user XRDS check a little bit to give Google Apps users openid in http://example.com/openid?id=108441225163454056756 kind of format without asking the users to build their own openid servers. For small companies, people can get their openid under their domain with as few as just a domain name if they use Google Apps.
This might be a good approach because people could use their Google Apps Account for the authentication, and they can still give out openids under their own domain which they could change the authentication backend for in the future. It is simple and extendable, but sadly it hasn't become the standard yet. So, if you use a standard library like python-openid, you will encounter some problems.
To solve those problems, you have to patch python-openid yourself to follow Google's approach.
I ran into the same problem before and I have a patched version of python-openid v2.1.1 which works for me.
If you need, I could post my code after some cleanup. It was a quick patch, so don't expect too much :)
I think you can give http://github.com/hudora/django-googleappsauth a try,
but I found some bugs, trying to fix them and translating comments

How can I use Facebook Connect with Google App Engine without using Django?

I'm developing on the Google App Engine and I would like to integrate Facebook Connect into my site as a means for registering and authenticating. In the past, I relied on Google's Accounts API for user registration. I'm trying to use Google's webapp framework instead of Django but it seems that all the resources regarding Facebook connect and GAE are very Django oriented. I have tried messing around with pyfacebook and miniFB found here at the Facebook docs but I haven't been able to make things work with the webapp framework. I'm having trouble seeing the big picture as far as how I can make this work. What advice can you give me on how to make this work or what I should be considering instead? Should I be focusing on using Javascript instead of client libraries?
Account Linking
How to write a good connect app
It's not Facebook Connect, really, but at least it's webapp FBML handling:
http://github.com/WorldMaker/pyfacebook/.../facebook/webappfb.py
This guy made a post about Facebook Connect on Google AppEngine via webapp framework. (It's stickied in the Connect Authentication forum, with 8515 views.)
Here's an example from May 15: http://myzope.kedai.com.my/blogs/kedai/236
It's based on the Guestbook example webapp, but with Facebook for authentication instead. The author does note that, "there's code duplication (when instantiating pyfacebook) in different classes," and that there should be a better way to do this.
Django sounds like it's better integrated. There's a presentation from 4 months ago on Slideshare called Where Facebook Connects Google App Engine (Robert Mao's talk at Facebook Garage Ireland). It looks like an interesting talk, though no videos of it have been posted at the moment. On slide 13, the following tools are mentioned, including Django: Google App Engine SDK, Eclipse, PyDev, Django, App Engine Patch and pyFacebook. Sample application given: http://github.com/mave99a/fb-guinness/
If you merely want authentication, this Recipe suggests using RPXnow.com for Google, AOL, Yahoo, MySpace, Facebook and OpenID logins with the Webapp Framework. Might be helpful, though doesn't appear at first glance to use Connect, is a contributed howto article on GAE's site for creating a Facebook App with Best Buy Remix.
Most of Facebook Connect (as it was formerly called, now it's "Facebook for Websites") is JavaScript. The only server-side thing you really need (assuming you want to integrate it into your own user system) is validation of the user's Facebook login. Either minifb or pyfacebook should accomplish this task.
This tutorial might be useful:
http://dollarmani-facebook.blogspot.com/2008/09/facebook-applications.html
