Appengine authentication on Android - python

I have a Python App Engine application where a user can log in using foursquare, then they must log in using Hunch. This all works fine, but now I am trying to allow the user to authenticate on an Android device. I don't want the user to have to log in to both 4sq & Hunch on the phone, so I want them to be able to authenticate with my backend, and from there this would log on on their behalf. Is there anywhere where I could find tutorials on something like this? Should I create a custom authentication on my app or allow the user to sign on using their Google Account?

If they've already authenticated with your app, and set up OAuth tokens with foursquare and Hunch, you can use this pattern to authenticate with your app.
There's no way to authenticate 'on their behalf' with your app short of asking the user for their credentials. If there were, any app would be able to impersonate you to any service you use.

Related

How to disable user login on GCP App Engine

My Flask application is deployed to App Engine and it seems to be functional and we are able to view it fine. We want to share the application with some HR folks for trying it out, but they are unable to view it - it is asking them to select a Google account. Is there a way to disable this or remove user login so that those without GCP access can view the app?
I guess that your App Engine app is protected by IAP. To check this, go to Security -> Identity Aware Proxy. You should have this page:
With the IAP slider in green to the right. To allow unauthenticated users on your service, you have to select your App Engine service name, go to the right panel, and click on AddMember. Now select allUsers and add the role IAP web app user
And save. If you want to allow only some Google accounts and/or user groups, do the same thing, not with allUsers but with the appropriate email accounts.
HOWEVER, if IAP has been activated on the project, it's for a good reason. Be sure that you do not enforce your company policy by doing this. You also have to be authorized to perform this operation; it all depends on your roles on the project.
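Added example, not part of the original answer: a small audit of an IAP access policy that flags the allUsers grant described above, so the change can be reviewed against company policy. The sample policy is constructed, in the standard IAM policy JSON shape (a `bindings` list of role and members); the function name, the allowed-domain list and the severity labels are assumptions made for this example.

```python
import json

# Role shown in the console as "IAP-secured Web App User".
IAP_ACCESS_ROLE = "roles/iap.httpsResourceAccessor"
# Special principals that are not tied to a specific person or group.
PUBLIC_MEMBERS = {"allUsers", "allAuthenticatedUsers"}

# Constructed sample policy; member names are placeholders.
SAMPLE_POLICY = json.loads("""
{
  "bindings": [
    {"role": "roles/iap.httpsResourceAccessor",
     "members": ["allUsers", "group:hr-team@example.com"]},
    {"role": "roles/iap.httpsResourceAccessor",
     "members": ["user:contractor@other.example.net"]},
    {"role": "roles/iap.settingsAdmin",
     "members": ["user:admin@example.com"]}
  ]
}
""")


def audit_iap_policy(policy, allowed_domains=("example.com",)):
    """Return (severity, member, reason) findings for IAP access bindings."""
    findings = []
    for binding in policy.get("bindings", []):
        if binding.get("role") != IAP_ACCESS_ROLE:
            continue  # only the role that lets principals through IAP matters here
        for member in binding.get("members", []):
            if member in PUBLIC_MEMBERS:
                findings.append(("HIGH", member,
                                 "anyone, or any Google account, passes IAP"))
                continue
            # Members look like "user:a@b", "group:g@b" or "domain:b".
            kind, _, ident = member.partition(":")
            domain = ident if kind == "domain" else ident.rpartition("@")[2]
            if domain not in allowed_domains:
                findings.append(("MEDIUM", member,
                                 "principal outside the allowed domains"))
    return findings


if __name__ == "__main__":
    for severity, member, reason in audit_iap_policy(SAMPLE_POLICY):
        print(f"{severity:6} {member:36} {reason}")
```

Granting the role to specific accounts or groups, as the answer suggests for the HR users, produces no finding as long as their domain is in the allowed list.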

Google Oauth2 in App Engine: Skip Account Selection

I am working on a Google App Engine web app which exploits the API Client Library (Python) to access Drive and calendars.
When the user enters the app, they are asked to log in with a Google Account. After that a second form is shown in which the application is said to be not affiliated with Google and the user shall authorize it to access their data. In this second form the user can change the account (if they are logged in with several).
This sometimes leads to inconsistencies in the app, as users.get_current_user() returns the former account while the services accessed through the library refer to the second account.
I have been struggling with this for a long time: Managing users authentication in Google App Engine
A solution would be to avoid the second account selection and force the user to authorize the application against the account which is currently logged in.
Is there any way of doing so?
I am using the Python decorators oauth_required() and oauth_aware().

Google App Engine Remote API + OAuth

I'm using GAE remote api to access the data store of my app. The authentication to GAE is made using remote_api_stub.ConfigureRemoteApi with an authentication function that returns a user name and a password.
Is there a way for authenticating using an access_token, for example OAuth or OAuth 2.0?
There is a solution for Google accounts configured to use 2-Step Verification.
At the moment, you are probably seeing a "BadAuthentication InvalidSecondFactor" error thrown, as you are not able to properly log in from the shell.
In order to solve this, you will need an App Password that authorizes the app to access your account resources. Follow the tutorial and use the generated password and the username of an admin of the target App Engine app as the credentials for Remote API.
UPDATE:
Additionally, you can take a look at the remote_api_stub.py file from the AppEngine SDK. You'll find a family of methods called _ConfigureRemoteApiWith* (note the leading underscore), such as:
_ConfigureRemoteApiWithKeyFile
_ConfigureRemoteApiWithComputeEngineCredential
_ConfigureRemoteApiWithOAuthCredentials
The methods themselves are well documented; please take a look at their docstrings. They'll let you authenticate with safer methods than the usual ASP provided by remote_api_stub.ConfigureRemoteApi().
You can't use OAuth2 to connect to your app with remote_api_stub/shell. This option is not provided.

Username and password login for App Engine?

Are there any libraries that provide username and password login for Google AppEngine?
While I could try rolling one from scratch, I'd rather not try to reinvent the wheel if possible.
If not, would it be possible to turn my application into an OpenId provider and then use it to log in?
Try EngineAuth. It has many different options for authentication systems, including email+password authentication.
GAE, via its Users API, supports three types of login (Google accounts, Google Apps accounts and OpenId). For an example of the latter see this article.
The type of login used is defined when creating the app, see this for further details.

What is a good django library for logging in users with Twitter, Facebook or an OpenID provider?

I want to create an application that allows a user to register and login to a django application with an external provider. In addition, I then want the user to be able to associate additional accounts with that initial account. Finally, I would like the user to be able to login to the application with one of the other associated accounts.
So if a user initially signs in with Facebook Connect, I want them to be able to link their Google account. Then, if they log out, they can log in with their Google account (via openid) and it logs the user in as though they logged in via Facebook Connect.
Does anything like this exist already? Or do I need to write it myself?
The perfect solution for you seems to be Django-SocialAuth. See here. From the page:
Here is an app to allow logging in via twitter, facebook, openid, yahoo, google, which should work transparently with Django authentication system. (@login_required, User and other infrastructure work as expected.) Demo and Code
Edit: I'm pretty sure that SO uses django-SocialAuth for its login system, looking at the project's demo page.
