I read tons of documentations, but I cannot find e real full-working example of a Python Google App Engine that simply gives a Login/Logout button to the GOOGLE PLUS authentication system.
Probably this is due to my limited understanding.
My need is to use the info on the backend side in order to give customized contents.
Maybe that's because apparently Google+ Sign-In is being phased out, replaced by Google Sign-In: https://developers.google.com/identity/sign-in/web/quick-migration-guide.
If you're just starting it's probably better to go directly to the newer method (or maybe check if other alternatives might be available/better fitted for your app: https://developers.google.com/identity/) then re-focus your searches accordingly.
Also very important (for most if not all newer authentication methods) - pay attention to the implementation guides:
no code example will be working out of the box as various application-specific service configurations are usually needed as well
no code example will be complete since it needs to incorporate application-specific keys or other pieces of info that can only be obtained from the above service configurations
At the end I solved the problem using simpleauth.
https://simpleauth.appspot.com/
Surely the easyest and efficient way to add oauth2 authentication in your website.
Related
Bitbucket cloud APIs have decent documentation, but I could not find a comprehensive exampl showing how to make authenticated calls to those APIs.
My requirement is very simple. As a bitbucket cloud admin for a given workspace, I would like to get a list of all the repos the workspace has.
I would like to be able to do this from my python backend (a simple script & nothing else). There is no user interaction involved in this case. Now having gone through the documentation & a bunch of online resources, it appears that there are a few ways to get authentication tokens, which is (obviously) the first step to be able to call any other APIs.
Here are a few things I'm struggling with & would really appreciate any inputs around the same : (PS: pointing me to the right resources would also be great help. Don't necessarily need direct spoon fed answers :) )
What's the difference between the different tokens? On Bitbucket cloud I can see App Tokens & Oauth Consumers. Which one is the one to be used in my case above? And with each, what should be the respective header value?
What's the endpoint to which the call needs to be made? For example to get a list of the all repos in the given workspace, for which I am an admin, would it be https://api.bitbucket.org/2.0/repositories/<my_workspace_name_here> or would it be https://bitbucket.org/<my_workspace_name_here>/2.0/repositories/ or would it be something else?
There is this official python lib from Atlassian https://atlassian-python-api.readthedocs.io/index.html which does seem to talk about how to get the authentication done for Bitbucket cloud using the app password, something like using the below:
bitbucket_app_pw= Cloud(
url='https://api.bitbucket.org/',
username=bitbucket_username,
password=bitbucket_app_password,
cloud=True)
and then the corresponding API call to list the repos seems to be
bitbucket.project_list()
but the bitbucket Cloud object (in this case bitbucket_app_pw), obtained from the former snippet above, does not seem to have the project_list method at all. Is the url keyword argument to the Cloud() supposed to be exactly that, or is that just a sample & actually supposed to be replaced with something like https://api.bitbucket.org/<my_workspace_name_here>
Am I missing something here?
We use Google Apps at my organization. I am trying to just use my API key (no oauth2) to get access to users info through the Directory API in the Admin SDK. I cannot find useful examples and the Google docs are buggy. I have had a great deal of difficulty with Google's API documentation. Or perhaps I have to use oauth2?
Even if I knew some of the details about this specific API, I can't find sample code for using these APIs in Python. Does anyone have sample code or links to real-world samples? I am new to Python and we're working on the App Engine.
You must use OAuth2 authentication, API key alone is not enough as you must authenticate as a Google Apps super admin or delegated admin (with appropriate rights) in order to perform Admin SDK Directory operations.
My project, Dito GAM was recently updated with full support for Admin SDK calls. It makes use of most (all?) Directory API calls. See:
https://code.google.com/p/google-apps-manager/source/browse/trunk/gam.py
Also, if you notice bugs or ambiguities in the Google documentation, be sure to report them. It won't get any better if someone doesn't tell them about it! Use the "Report a bug" link at the bottom of all developers.google.com pages. It's very simple to use and pinpoint the exact issue.
I'm trying to understand OAuth, and I'm having a hard time figuring this basic thing out...
I have developed a service (with Python and Flask), which supports classic authentification through a dedicated login & password combination, and an "official" client in the form of a webapp. I would like my service to support OAuth and looked into flask-oauthprovider, which seems like a perfect fit for this task, but I can't seem to understand how everything should articulate.
My questions are:
Today, all my API entry points required the user to be logged in: once my service supports OAuth, should every entry points become "oauth_required" rather than "login_required"?
What is the proper way to support my "official" webapp front-end? I'd rather not have it go through the regular OAuth flow (with the extra redirections to login on the service). Should it go through OAuth with automatically granted access tokens, or should it bypass OAuth and directly use the "resource owner" login & password?
I think one of the problems with the concept behind oauthlib is that it tries too hard to be everything and the result is a difficult-to-reason-about set of abstractions (this is very similar to the python-oauth2 approach). OAuth providers in particular are tricky because you implicitly need to persist things like tokens not to mention the assumption of some kind of pre-exisiting user management. As such a "good" or idiomatic implementation tends to be more opinionated from framework to framework. In my opinion this is part of why we don't see a single Python OAuth provider implementation as an abstraction: there just aren't great solutions, but plenty of messy ones. Looking at flask-oauthprovider and we see some direct examples of these issues. I've had similar problems with flask-login, which I maintain. At any rate, this past weekend I wrote a very rough first pass of a OAuth provider in Flask that "just works"; feel free to take a look and adapt it to your needs. It assumes some things like, like MongoDB but with minimal work I think any datastore could be used.
1) Protect whichever endpoints you want to be accessible via a third-party, e.g. your public API.
2) I would avoid automatic access tokens, that defeats the person of negotiating authorization on a per-user basis, unless of course you have a different scheme, e.g. a predefined set of clients. I believe the second option you're talking about is xauth, in which case, why not just use OAuth 2.0 and grant_type=password? Bearer tokens are similar in concept but may be a little easier to implement so long as you can provide HTTPS.
Any pointers, advice on implementing a REST API on App Engine with Python? Using webapp for the application itself.
What I currently know is that I can:
hack up my own webapp handlers for handling REST-like URIs, but this seems to lose its elegance for larger amounts of resources. I mean, it's simple when it comes to temperature/atlanta, but not so much* for even a rather simple /users/alice/address/work (though do keep in mind that I'm not saying this after having implemented that, just after spending some time trying to design an appropriate handler, so my perception may be off).
use the REST functionality provided by one of the bigger Python web frameworks out there. I have some unexplainable sympathy towards web2py, but, since it's not used for the project, bundling it with the application just to provide some REST functionality seems.. overkill?
(Huh, looks like I don't like any of these approaches. Tough.)
So here's me asking: what advice, preferably based on experience, would you have for me here? What are my options, is my view of them correct, did I miss something?
Thanks in advance.
I had a similar issue. Wanting to quickly get my DataStore exposed via REST to WebApps.
Found: AppEngine REST Server.
I have only used it lightly so far, but it certainly appears to be very useful with a small amount of work. And it does use webapp as you suggested.
ProtoRPC is bundled with the SDK, and it is robust and actively developed (however experimental). Although I think the source code itself is a little convoluted, the feature-set is pretty complete and it was made by someone with experience in creating this kind of library. It supports transmiting using JSON, ProtocolBuffer and URL-encoded formats.
Also, you can create APIs that work on the server side and client side -- it defines a 'message' protocol with implementations in Python and JavaScript. I used other "RESTful" Python libraries, but no other provided this consistency out of the box.
Here is the project page and here is the mailing list.
Edit: maybe their documentation is lacking some keywords, but just to be clear: one or the purposes of ProtoRPC is to provide a solid foundation to create REST services.
I've tried to do it like they describe in the AppEngine docs but I can't get it to accept my upload. (I haven't tried to download.) I want to get it working in the development environment before I tried on the live site.
It's kind of confusing, because I don't know if I should be trying appcfg.py or bulkloader.py. (I mostly tried appcfg.py.) I think it's an authentication problem, as it keeps asking me for the email/password. (Even after I removed 'login: admin' from app.yaml.)
I did --dry_run and it seemed to work, so I think my stuff is well formed.
Before asking for specific debugging help, I thought I would ask if anyone knows of working sample code that I can download. I run OS X 10.6, if anyone cares. I'm not new to Python, and have a lot of web.py experience, so it's probably not unfamiliarity with the language that's tripping me up.
The docs have a section on uploading and downloading data, with examples. You should be using appcfg.py unless you need one of the features of bulkloader.py that are not yet integrated, such as --dump/--restore functionality.
It sounds like the authentication problems you're having are related to Google Apps: If you have an App Engine app that allows any Google account to authenticate, and you have a Google Apps account as administrator, you won't be able to authenticate against your app as an administrator with it, even if you have created a Google account for that email address. You need to create a gmail account, and add that account as an administrator, so you can use that address when you need to authenticate against your app.