
How can I use a mix of Appengine's OpenID and facebook OAuth for authentication on AppEngine?

Appengine supports federated login in which arbitrary OpenID providers can be added to the list of parties who can authenticate a user. However, some organizations - notably facebook - don't support OpenID. How is it possible to combine the OpenID support provided with GAE with mechanisms that can support OAuth or other login mechanisms?

More details (GAE Python assumed)...

My understanding of the way the OpenID mechanism is intended to work is as follows:

  • I choose Federated Login from my app's configuration options
  • This allows me to easily add OpenID providers through the create_login_url mechanism
  • There is some Google session management used to track the authenticated user
  • I control access to resources using login: required in my app.yaml
    • The session management will check if the user is authenticated before allowing access to these resources

The issue that I have is that I can't see how this approach fits with facebook's OAuth - if the resources are access controlled by Google (per app.yaml), where is it possible to insert facebook authentication?

Notes:

  • I know that OpenID and OAuth are different - I am only interested in using facebook for authentication right now
  • I'm sure there are quite a few different ways to deal with this - I'm just wondering if there is some standard approach/best practice
Sean M asked Oct 04 '11 12:10


1 Answer

I've done a little bit of digging on this and my conclusion is that it is not possible to integrate the standard Appengine authentication mechanisms (i.e. those provided 'for free' with Appengine) with facebook's OAuth. More specifically, the app.yaml login controls can only relate to Google's standard mechanisms and there is no way to extend them to incorporate facebook OAuth. The reason for this is that Google's standard mechanisms control the sessions and there is no mechanism to add new session controls which are recognized by the app.yaml login controls.

It is, of course, possible to integrate Google Accounts and other login mechanisms with facebook's OAuth on Appengine, but to do this you need to replicate some of the functionality that Google provide in their standard authentication mechanisms (session mgmt specifically).

I've put up a more general question comparing the different social authentication options possible with Appengine as I think it's interesting/useful, but slightly out of scope in this question: it's here

Sean M answered Oct 14 '22 08:10
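The session handling that the answer says must be replicated can be sketched as follows. This is an added example, not code from the original post or from App Engine: it uses only the Python 3 standard library, and `SECRET`, `MAX_AGE`, `issue_session`, `read_session` and `current_identity` are hypothetical names. It assumes the Facebook OAuth exchange has already verified the user, and that the handler passes in the id returned by the built-in login (for example from `users.get_current_user()`), or `None`.

```python
import base64, hashlib, hmac, json, time

SECRET = b"constructed-demo-key"  # assumption: real key is random and stored outside source
MAX_AGE = 3600                    # assumed session lifetime in seconds

def _sign(payload):
    return hmac.new(SECRET, payload, hashlib.sha256).hexdigest().encode()

def issue_session(provider, user_id, now=None):
    """Mint a cookie value once the provider's OAuth flow has verified the user."""
    body = json.dumps({"p": provider, "u": user_id, "t": int(now or time.time())})
    payload = base64.urlsafe_b64encode(body.encode())
    return (payload + b"." + _sign(payload)).decode()

def read_session(cookie, now=None):
    """Return the session dict, or None if malformed, tampered with or expired."""
    try:
        payload, sig = cookie.encode().rsplit(b".", 1)
        # Constant-time comparison so the check does not leak signature bytes.
        if not hmac.compare_digest(_sign(payload), sig):
            return None
        data = json.loads(base64.urlsafe_b64decode(payload))
    except (ValueError, AttributeError):
        return None
    if (now or time.time()) - data["t"] > MAX_AGE:
        return None
    return data

def current_identity(gae_user_id, cookie, now=None):
    """Per-handler check standing in for `login: required`; accepts either login path.
    gae_user_id is what the built-in login gave us (None if not signed in that way)."""
    if gae_user_id:
        return ("openid", gae_user_id)
    session = read_session(cookie, now)
    if session:
        return (session["p"], session["u"])
    return None  # caller redirects to a page offering both login options
```

Because `app.yaml` cannot see this cookie, every protected handler has to call the check itself, and the cookie should be sent with the `Secure` and `HttpOnly` attributes.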