Group items tagged

Authentication with App Engine, regardless of where you're doing it, is a three-stage process: Obtain an authentication token. This can be done with ClientLogin for installed apps, for example, or with AuthSub for a webapp. When logging in directly to an application, this is the part of the login process where your user sees a Google signin screen. Take that authentication token, and use it to obtain an authentication cookie. Use that authentication cookie in all subsequent requests.

Once you've enabled OpenID authentication for your app, a few things change: URLs generated by create_login_url without a federated_identity parameter specified will redirect to the OpenID login page for Google Accounts. URLs that are protected by "login: required" in app.yaml or web.xml will result in a redirect to the path "/_ah/login_required", with a "continue" parameter of the page originally fetched. This allows you to provide your own openid login page. URLs generated by create_login_url with a federated_identity provider will redirect to the specified provider.

many users, when asked for their "openid URL" will simply look at you in puzzlement. What we need is a solution that avoids the need for most users to enter their URL themselves, while still allowing savvy users to do just that. Fortunately, there are a number of such solutions. One of them is clickpass. After signing in there and setting up an entry for your site, they'll provide you with code for a button that you can embed in your login page, and which allows users to choose from a number of well-known identity providers, including Hotmail, Yahoo!, Google, and Facebook, as well as entering their own URL.

This project has sample code for using OAuth support built in to AppEngine. Note that these features are only being made available at this time to get early feedback from the OAuth community.

the oauth api google app engine provide is for OAUTH PROVIDER and not OAUTH CONSUMER.

It was one of the other ways to do it, I just wanted to avoid more code in my architecture just to do this (MVP has the disadvantage of added boilerplate for simple tasks like this one). Anyway I found a workaroud, passing the URL in an invisible div in my page and then reading and populating another field in my page using GWT RootPanel.get(id), using different ids for various parts of the page.

I am trying to dump the data created in a Java app engine application.  So, I have two versions of the app - the live java version and the python version that hosts /remote_api .  (this caused the url confusion)

Perhaps you can try specifying app_id explicitly by adding "--app-id='yourappid'".

You should get prompted for authentication. Make sure remote_api is installed correctly on your server by visiting whatever you used for the --url argument in your browser. It should require you to log in then say "This request did not contain a necessary header"

This tutorial concerns using Google Accounts to maintain the existence of your users in a Google App Engine application. Google App Engine provides the class UserServiceFactory to facilitate that. UserServiceFactory is then used to generate UserService object, which in turn provides the following features createLoginURL createLogoutURL getCurrentUser isUserAdmin isUserLoggedIn You would use UserService object to generate the login URL for the browser. The browser would be directed/redirected to this URL. On reaching this URL, the Google log-in prompt would be displayed by Google's server.

You should never store a password in plain text. Use a ir-reversable data hashing algorithm, like sha or md5 Here is how you can create a hash in python: from hashlib import sha256from random import randomrandom_key = random()sha256('%s%s%s'%('YOUR SECRET KEY',random_key,password)) You should also store the random key and hash the user supplied password similarly.

signed requests will still be redirected. Auth-constraint only applies to Users logged in via the web or OpenID. This is a good feature request, however, and I will bring it up.

I was very pleased to see that the new OAuth API provides the same interface as the Users API, but I see a missed opportunity here:

my problem is that there are two versions of the method: google.appengine.api.oauth.get_current_user() google.appengine.api.users.get_current_user() one works with OAuth and one with sign-in (or am I wrong?).