I'm currently building a Python webapp on the Google App Engine and I want to expose various parts of my application via a JSON API. This API may be used in the form of a mobile client, or (for the purposes of testing) a headless Python script.
I need to be able to authenticate users before they perform operations on the API. I notice that the Users API does not support simple authentication [in the form of authenticate(username, password)] so merely sending the username/password to a URL and then later using some given token would not work.
Ultimately, I would like the application to use Facebook Connect in addition to its own logins.
Could somebody please suggest how is the best way to authenticate users in this situation, using a remote JSON API and the Google App Engine?
Cheers
You might want to check out the recently released oauth support. Failing that, you can implement your own authentication, for example by using simple or digest authentication.
Just for the record, I ended up going with the wonderful Tipfy framework in the end.
Related
I'm building a PWA with django/python on the server-side and vue on the client-side and want to use firebase as a database as well as make use of the firebase authentication.
After some thorough research I realised that I had to make a few choices.
Question 1: Authentication
I can do authentication on the client-side or server-side. Which one would be best (more secure) ?
Question 2: Database
In terms of CRUDS I am a bit conflicted. Do I write all my data to firestore from the client-side?
Do I rather use api's to communicate with my backend and then write data to firestore from the backend? What are the security implications of doing this?
Should I just use both in terms of context? If there are no security implications I would do my authentication client-side and my CRUDS from the server-side. I think I would also have to check authentication to write to the database from the backend.
Authentication of a user's credentials should always happen on a server, as it can't be securely done on the client's computer. What Firebase Authentication allows however, is that the authentication runs on Google's servers, while you control it from a simple client-side API call.
I am trying to create a daemon python application which will get emails from outlook server using Microsoft outlook graph API. They have provided excellent tutorial and documentation on how to get it done for python app like django and flask. But I want to create daemon script which can get access code without using web interface(which was used in django).
Note: This app will only collect email from single email and will feed it to db.
Any help is appriciated.
It really depends on what kind of security you need. You can have your daemon/service authenticate with username/password directly, or you can have it authenticate with a certificate.
There are several different authentication scenarios, take a look at the docs page.
Either way, you need to register your daemon as an app in Azure and give it permissions to the Outlook API, just as if it were a web app.
I'm new to Okta and I'm having a tough time wrapping my head around what I need to do in order to authenticate users.
I'm writing a web portal for a company that already uses Okta internally.
They have requested that I use Okta to authenticate users. That is the only Okta integration requirement.
The portal uses vanilla JS/CSS/HTML5 on the front end, and a custom Python api layer and Python back end for serving data.
I've read through the guide over at http://developer.okta.com/docs/guides/pysaml2.html and I can't help but think this seems like overkill to simply authenticate users.
I saw that when I created a sample app that I could create the app with Secure Web Authentication rather than SAML. Is that advisable in my case? Do we need to use SAML?
If SAML is the correct approach, I'm feeling a bit lost after reading through the documentation about where to even begin. The app itself isn't really a Python app, although Python is used.
I have the Okta app created. I have the custom web app created with a custom Python backend and API layer.
Any tips on how to connect the two in order to authenticate users?
Have you seen this: http://developer.okta.com/docs/guides/okta_sign-in_widget
Seems most appropriate to your situation.
I'm using GAE remote api to access the data store of my app. The authentication to GAE is made using remote_api_stub.ConfigureRemoteApi with an authentication function that returns a user name and a password.
Is there a way for authenticating using an access_token, for example OAuth or OAuth 2.0?
There is a solution for Google accounts configured to use 2-Step Verification.
At the moment, you are probably seeing a “BadAuthentication InvalidSecondFactor" error thrown, as you are not able to properly login from the shell.
In order to solve this, you will need an App Password that authorizes the app to access your account resources. Follow the tutorial and use the generated password and the username of an admin of the target App Engine app as the credentials for Remote API.
UPDATE:
Additionally, you can take a look at the remote_api_stub.py file from the AppEngine SDK. You'll find a family of methods called _ConfigureRemoteApiWith* (note the leading underscore), such as:
_ConfigureRemoteApiWithKeyFile
_ConfigureRemoteApiWithComputeEngineCredential
_ConfigureRemoteApiWithOAuthCredentials
Methods themselves are well documented, please take a look at their docstrings. They'll let you authenticate with safer methods than usual ASP provided by remote_api_stub.ConfigureRemoteApi().
You can't use OAuth2 to connect to your app with remote_api_stub/shell. This option is not provided.
I built an IMAP client using this library:
Gmail IMAP and SMTP using OAuth - Libraries and Samples
http://code.google.com/apis/gmail/oauth/code.html
I need to search all the emails in the Inbox and return only those emails matching with my "subject" and which are sent in last 24hrs. Once i have that email i want to read the body and do some processing. I was able to do all of this using above library but when i deploy this code on GAE it fails with with "Security violation" as my code is trying to set some of the following system properties:
props.put("mail.imaps.sasl.enable", "true");
props.put("mail.imaps.sasl.mechanisms", "XOAUTH");
props.put(XoauthSaslClientFactory.OAUTH_TOKEN_PROP, oauthToken);
What are my other alternatives to achieve this task? Few people were talking about RSS feed. Can we achieve what i am looking for using this technique? Any inputs will be appreciated.
Thank You.
I've heard that ContextIO is providing APIs to access GMAIL account. I've tested to get all contacts, emails, files, email's body successfully. The APIs are quite easy to use. You need some steps to obtain ContextIO's Consumer Keys.
They's also providing an API to fetch mails from Google App Engine. Currently, I'm working to bring a demo and hopefully will update this answer soon. However, it's very straight forward and interesting to do :)
App Engine Blogs
Context IO's site
Hope it helps
Google App Engine only allows http/s communication thru the urlfetch API.
IMAP cannot be used on the production servers.
You can try using urlfetch using GMail built in RSS feed (https://USERNAME%3aPASSWORD#gmail.google.com/gmail/feed/atom).
You can use Google Apps script to access your inbox and send the result to App Engine.
http://code.google.com/googleapps/appsscript/service_gmail.html
F.I. I use Apps Script with Google Spreadsheets to make reports, based on data in GAE, using a hmac signature to authenticate.