OAuth authentication with GAE apps: side project or ready for prime time?


Tim Burks

Jan 29, 2012, 8:34:07 PM
to Google App Engine
OAuth for Python (http://code.google.com/appengine/docs/python/oauth/overview.html)
looks like a great addition to App Engine. However, I
have been having some trouble using it, and since it's marked as
"Experimental", I have some questions, beginning with this:

1) Is there someone in Google actively supporting OAuth for Python?
"Experimental" could mean that it is on the way to being fully
supported or that it's an abandoned 20% project. Is there at least a
contact person who could discuss implementation issues? (I don't see
one listed in the documentation)

I am currently building an iOS app to work with a client's App Engine-based
service that uses OAuth.

OAuth for Python looks amazingly easy to add to an App Engine app (it
really seems to be present in all apps by default), and if there was a
working sample iOS client app, I'm sure that there would be
significant interest in the iOS development community. It would also
be good to know if OAuth for Python is abandoned and unsupported.

2) Is there a sample iOS app that demonstrates how to authenticate to
App Engine apps using OAuth? If not, is there someone in the App
Engine team who would advise me as I write one? This example would
contain both an App Engine service and a corresponding iOS client. Two
years ago Jason Cooper worked with me to create a similar
demonstration for an event that I organize (http://www.meetup.com/sviphone/events/12372267/).
This code is online at http://github.com/timburks/stickup.
I am based in Palo Alto and can come to Mountain View.

Going into details, I've managed to get through the first three steps
of the "dance": 1) getting a request token, 2) displaying the
authorization page, and 3) exchanging the request token for an access
token. But if I strictly follow the Google documentation
(http://code.google.com/apis/accounts/docs/OAuth_ref.html#AccessToken), the
process doesn't work. As documented, OAuthGetAccessToken requires an
oauth_signature parameter, but it only returns a token if I DON'T sign
my requests.

3) What's going on here?

Also, now that I've gotten a token, my signed API requests are
failing. It's certainly possible that my signing is incorrect, but
since I've made it this far and stumbled onto one undocumented
behavior in OAuthGetAccessToken, I'm suspicious of more hidden
problems.

OAuth for Python includes some great easy-to-call functions for
getting consumer and user information within an App Engine app
(http://code.google.com/appengine/docs/python/oauth/functions.html).

Curiously, both get_oauth_consumer_key() and get_current_user() throw
exceptions when I sign my requests the "right" way, using my consumer
secret and token secret, but when I sign them with only the consumer
secret, get_oauth_consumer_key() succeeds. This seems to echo the
problem that Takashi Sasaki reported on Jan 28, 2011 in this thread:

http://groups.google.com/group/google-appengine/browse_thread/thread/c22366b345138ba8/bd800533e44d29de?lnk=gst&q=oauth#bd800533e44d29de

4) See question #3.

Thanks for reading all this. Any and all help is appreciated, and I
would be happy to help spread the word about how to do this correctly
if we can get it sorted out.

- Tim

Robert Kluin

Jan 31, 2012, 1:37:20 AM
to google-a...@googlegroups.com
Hi Tim,
I cannot answer most of your questions; in fact, I'd also like to
see answers to many of them. I can tell you that I have got this
working for non-Apps users before. The last time I played with it
there were some serious quirks with Apps Domains; however, Google's
completely redone their auth system since then so maybe it works now.

I'm not sure there have been any active changes to it in the past year.
http://code.google.com/p/googleappengine/source/diff?spec=svn228&r=155&format=side&path=/trunk/python/google/appengine/api/oauth/oauth_api.py&old_path=/trunk/python/google/appengine/api/oauth/oauth_api.py&old=113

Robert


Tim Burks

Jan 31, 2012, 4:03:55 PM
to Google App Engine
Following up, I've shared a simple service and Python client on
GitHub: http://github.com/timburks/oauthchecker

The service contains a single handler that uses the oauth module to
get the consumer id and the nickname of the authenticated user.

The client is based on Joe Stump's oauth2 Python library and seems to
successfully perform the three steps to get an access token, but from
there I am unable to successfully make a signed request to the service
(all this is in the client.py script).

Requests currently fail with an InvalidOAuthParametersError exception.

If I've made a newbie signing mistake, I apologize and will leave the
corrected example up as testimony :)

thanks again,

Tim

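The two posts above turn on one detail of OAuth 1.0a: a signed request to a protected resource must be keyed with the consumer secret *and* the token secret, and a provider that still accepts a signature made with the consumer secret alone has effectively stopped checking the token. The following is an added example, written for this thread and not taken from the oauthchecker repository, App Engine's oauth module or Joe Stump's oauth2 library. It implements the RFC 5849 base string and HMAC-SHA1 signature with the standard library, then a small provider-side verifier that rejects the parameter-set errors, stale timestamps, replayed nonces and consumer-secret-only signatures a defender should expect to see. The consumer key, secrets, token, user name and service URL are constructed placeholders.

```python
# Added example, not code from the thread or from App Engine: OAuth 1.0a
# HMAC-SHA1 signing (RFC 5849 section 3.4) as a client does it, next to the
# provider-side check that must key the HMAC with the token secret too.
import base64
import hashlib
import hmac
import secrets
import time
from urllib.parse import quote


def pct(value):
    """RFC 5849 3.6 percent-encoding: only unreserved characters stay literal."""
    return quote(str(value), safe="-._~")


def base_string(method, url, params):
    """METHOD & encoded URL & encoded, sorted, normalized parameters.
    `url` is scheme://host/path without a query; `params` holds every oauth_*,
    query and form parameter except oauth_signature itself."""
    pairs = sorted((pct(k), pct(v)) for k, v in params.items())
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    return "&".join([method.upper(), pct(url), pct(normalized)])


def sign(method, url, params, consumer_secret, token_secret=""):
    """HMAC-SHA1 over the base string, keyed with consumer_secret&token_secret.
    Passing an empty token_secret yields the "consumer secret only" signature
    the thread describes; a correct provider must reject it for token requests."""
    key = f"{pct(consumer_secret)}&{pct(token_secret)}".encode()
    mac = hmac.new(key, base_string(method, url, params).encode(), hashlib.sha1)
    return base64.b64encode(mac.digest()).decode()


def signed_request(method, url, params, consumer_key, consumer_secret,
                   token="", token_secret="", nonce=None, timestamp=None):
    """Client side: add the oauth_* protocol parameters and the signature."""
    p = dict(params)
    p["oauth_consumer_key"] = consumer_key
    p["oauth_nonce"] = nonce or secrets.token_hex(16)
    p["oauth_signature_method"] = "HMAC-SHA1"
    p["oauth_timestamp"] = str(timestamp or int(time.time()))
    p["oauth_version"] = "1.0"
    if token:
        p["oauth_token"] = token
    p["oauth_signature"] = sign(method, url, p, consumer_secret, token_secret)
    return p


class Provider:
    """Provider side: rejects malformed parameter sets, stale timestamps,
    replayed nonces, tokens issued to another consumer, and any signature not
    keyed with both the consumer secret and the token secret."""
    REQUIRED = ("oauth_consumer_key", "oauth_nonce", "oauth_signature",
                "oauth_signature_method", "oauth_timestamp")

    def __init__(self, consumers, tokens, window=300):
        self.consumers = consumers   # consumer_key -> consumer_secret
        self.tokens = tokens         # oauth_token -> (consumer_key, token_secret, user)
        self.window = window         # allowed clock skew in seconds
        self.seen = set()            # (consumer_key, timestamp, nonce) already accepted

    def verify(self, method, url, params, now=None):
        now = int(time.time()) if now is None else now
        missing = [k for k in self.REQUIRED if k not in params]
        if missing:
            return False, "missing parameters: " + ", ".join(missing)
        if params["oauth_signature_method"] != "HMAC-SHA1":
            return False, "unsupported signature method"
        ts = params["oauth_timestamp"]
        if not ts.isdigit() or abs(now - int(ts)) > self.window:
            return False, "timestamp outside window"
        consumer_key = params["oauth_consumer_key"]
        consumer_secret = self.consumers.get(consumer_key)
        if consumer_secret is None:
            return False, "unknown consumer"
        replay_key = (consumer_key, ts, params["oauth_nonce"])
        if replay_key in self.seen:
            return False, "nonce replayed"
        token_secret, user = "", None
        if "oauth_token" in params:
            record = self.tokens.get(params["oauth_token"])
            if record is None or record[0] != consumer_key:
                return False, "unknown token or token not issued to this consumer"
            _, token_secret, user = record
        unsigned = {k: v for k, v in params.items() if k != "oauth_signature"}
        expected = sign(method, url, unsigned, consumer_secret, token_secret)
        if not hmac.compare_digest(expected, params["oauth_signature"]):
            return False, "bad signature"
        self.seen.add(replay_key)
        return True, user


def demo():
    """Constructed credentials (placeholders): one consumer, one access token."""
    url = "https://example.appspot.com/api/whoami"   # placeholder service URL
    provider = Provider(consumers={"ck": "cs"}, tokens={"tok": ("ck", "ts", "tim")})
    ts = 1327884847
    good = signed_request("GET", url, {}, "ck", "cs", "tok", "ts", nonce="n1", timestamp=ts)
    # Keyed with "cs&" instead of "cs&ts": the consumer-secret-only variant.
    weak = signed_request("GET", url, {}, "ck", "cs", "tok", "", nonce="n2", timestamp=ts)
    return {
        "both_secrets": provider.verify("GET", url, good, now=ts),
        "replayed": provider.verify("GET", url, good, now=ts),
        "consumer_secret_only": provider.verify("GET", url, weak, now=ts),
        "stale": provider.verify("GET", url, weak, now=ts + 3600),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The checks run in the order a provider should apply them: cheap structural checks first (required parameters, signature method, timestamp window), then consumer and token lookup, then the replay cache, and the HMAC comparison last using `hmac.compare_digest` so that signature checking is constant-time. A provider that passed the `consumer_secret_only` case would be the behaviour the first post observed with `get_oauth_consumer_key()`.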

N. Rosencrantz

Jan 31, 2012, 10:38:12 PM
to google-a...@googlegroups.com
I could use OAuth to enable login with Twitter and login with Facebook.
The implementation was rather straightforward. I followed the docs about OAuth from Facebook:
http://developers.facebook.com/docs/authentication/

Tim Burks

Feb 6, 2012, 12:55:14 PM
to Google App Engine
Updating: After Christina Ilvento at Google pointed me to Ikai Lan's
example (http://ikaisays.com/2011/05/26/setting-up-an-oauth-provider-
on-google-app-engine), I switched from a Python App Engine provider to
one based on Java. Now the Python client code that I posted works
(http://github.com/timburks/oauthchecker/client.py).

So it seems that the Python support for OAuth provision on App Engine
is questionable, if not broken.

Tim
