OAuth2Decorator oauth_aware forces authentication

My understanding of the difference between oauth_aware and oauth_required is that aware doesn't force authorization, while required does, but that's not what I'm seeing in practice. I have the two webapp RequestHandlers below, one of whose get() methods is decorated with decorator.oauth_aware and the other with decorator.oauth_required. However, when I run locally or on App Engine, both immediately redirect to the login flow.

The goal is for SplashHandler to give the user a link to authorize if they aren't already, and if they are, then forward to /tasks/.

from google.appengine.ext import webapp
from google.appengine.ext.webapp import template
from google.appengine.ext.webapp.util import run_wsgi_app
from oauth2client.appengine import OAuth2Decorator

import settings  # holds CLIENT_ID, CLIENT_SECRET and SCOPE for this app

# One decorator instance shared by all handlers; it holds the OAuth2 client
# configuration and, during a request, the current user's credentials.
decorator = OAuth2Decorator(
    client_id=settings.CLIENT_ID,
    client_secret=settings.CLIENT_SECRET,
    scope=settings.SCOPE,
    user_agent='mytasks')

class SplashHandler(webapp.RequestHandler):
  # oauth_aware: expected to run the handler whether or not the user has
  # granted access, so the page can offer an authorize link.
  @decorator.oauth_aware
  def get(self):
    if not decorator.has_credentials():
      self.response.out.write(template.render('templates/convert.html',
        {'authorize_url': decorator.authorize_url()}))
    else:
      self.redirect('/tasks/')

class TasksHandler(webapp.RequestHandler):
  # oauth_required: the user must have granted access before get() runs.
  @decorator.oauth_required
  def get(self):
    tasks = get_tasks()  # defined elsewhere in the app; not shown in the question
    tasks.sort(key=lambda x: x['due'])
    self.response.out.write(template.render('templates/index.html',
                                              {'tasks': tasks}))

application = webapp.WSGIApplication(
    [('/', SplashHandler), ('/tasks/', TasksHandler)], debug=True)

def main():
  run_wsgi_app(application)

if __name__ == '__main__':
  main()
Haldean Brown asked Mar 30 '12 02:03


1 Answer

The oauth_aware method aims to be definitive in being able to answer the question 'Do we have an access token for the current user?'. The only way it can answer this is by knowing who the current user is, and to do that it's using the App Engine users API, which itself requires a permissions prompt to get your email/user-id via the redirects you're seeing. With oauth_required you actually get 2 redirects, this same App Engine one, then the OAuth one asking for permission to G+ or Docs or whatever.

I happen to think this isn't particularly useful; I think your use case is much more common, but obviously the library author disagrees.

That said, the code inside the oauth_aware function isn't very complicated; you can make your own decorator based on it that doesn't do the first redirect. The difference will be that in your case the answer to the same question will either be 'Yes' or 'I don't know', never a definitive 'No'.

Greg answered Oct 17 '22 03:10
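The tri-state decorator the answer suggests, as an added example that is not code from the original post or from oauth2client. It keeps the shape the answer describes for oauth_aware (find the current user, load that user's stored credentials, call the handler) but drops the redirect to the App Engine login page, so an anonymous visitor reaches the handler with the answer "unknown" rather than being bounced. The users API, the credential store, the request handler and the users themselves are constructed stand-ins (assumed names, chosen so the module runs offline under Python 3); on App Engine they would be google.appengine.api.users, oauth2client's per-user credential storage and webapp.RequestHandler. The state token bound to the consent URL is a stand-in as well: the point it illustrates is that without a signed-in user there is nothing to bind the OAuth callback to, which is why the anonymous "authorize" link has to go via login first.

```python
import functools
import hashlib
import hmac
from urllib.parse import quote

YES, NO, UNKNOWN = "yes", "no", "unknown"


class AwareOAuth:
    """Loads the current user's credentials before a handler runs, without forcing a login.

    Same three steps as the oauth_aware described in the answer (who is the user, which
    credentials are stored for them, call the handler), minus the redirect to the login
    page when nobody is signed in. Hypothetical class, not part of oauth2client.
    """

    def __init__(self, users_api, credential_store, consent_url, xsrf_secret):
        self._users = users_api           # stand-in for google.appengine.api.users
        self._store = credential_store    # stand-in for the per-user credential storage
        self._consent_url = consent_url
        self._xsrf_secret = xsrf_secret
        self.user = None
        self.credentials = None

    def oauth_aware_noforce(self, method):
        @functools.wraps(method)
        def setup_oauth(request_handler, *args, **kwargs):
            self.user = self._users.get_current_user()
            self.credentials = (self._store.get(self.user.user_id)
                                if self.user is not None else None)
            try:
                return method(request_handler, *args, **kwargs)
            finally:
                # Never let one request's user or credentials leak into the next one.
                self.user = None
                self.credentials = None
        return setup_oauth

    def credential_state(self):
        """'yes' or 'no' for a signed-in user; 'unknown' for an anonymous one."""
        if self.user is None:
            return UNKNOWN
        if self.credentials is None or self.credentials.invalid:
            return NO
        return YES

    def has_credentials(self):
        return self.credential_state() == YES

    def authorize_url(self, request_uri):
        if self.user is None:
            # Anonymous: no user to bind an OAuth state value to, so the "authorize"
            # link is the login page, which returns to this URI once the user is known.
            return self._users.create_login_url(request_uri)
        # Signed in: consent URL carrying a state value tied to this user, so the
        # callback can reject a response that this user did not start (CSRF check).
        token = hmac.new(self._xsrf_secret, self.user.user_id.encode(),
                         hashlib.sha256).hexdigest()[:16]
        return "%s?state=%s" % (self._consent_url, quote(request_uri + ":" + token, safe=""))


# ---- constructed stand-ins so the module runs offline ------------------------
class FakeUser:
    def __init__(self, user_id):
        self.user_id = user_id


class FakeUsersApi:
    def __init__(self, current_user):
        self._current = current_user

    def get_current_user(self):
        return self._current

    def create_login_url(self, dest):
        return "/_ah/login?continue=" + quote(dest, safe="")


class FakeCredentials:
    invalid = False


class FakeRequestHandler:
    def __init__(self, uri):
        self.request_uri = uri
        self.redirects = []
        self.body = ""
        self.state = None

    def redirect(self, url):
        self.redirects.append(url)


def run_splash(current_user, stored_credentials):
    """Serve '/' once for current_user (None = anonymous) and return the handler."""
    decorator = AwareOAuth(FakeUsersApi(current_user), stored_credentials,
                           "https://accounts.example/o/oauth2/auth", b"server-side-secret")

    class SplashHandler(FakeRequestHandler):
        @decorator.oauth_aware_noforce
        def get(self):
            self.state = decorator.credential_state()
            if decorator.has_credentials():
                self.redirect("/tasks/")
            else:
                self.body = '<a href="%s">Authorize</a>' % decorator.authorize_url(self.request_uri)

    handler = SplashHandler("/")
    handler.get()
    return handler
```

Running run_splash three times shows the three outcomes: an anonymous visitor gets the page with a login link and no redirect (state "unknown"), a signed-in user without stored credentials gets the consent link (state "no"), and a signed-in user with credentials is sent to /tasks/ (state "yes"). In a real deployment the consent callback must still verify the state value against the signed-in user before storing the returned credentials; the decorator above only shows how the value is issued.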