Custom user authentication...

[Pankaj Chawla]

Hi

I understand that google appengine supports user authentication using google 

accounts or openid or google app accounts. I am trying to build an application 

on appspot.com where the end user may not have google or openid accounts and 

hence need to support a custom user authentication with datastore based users. 

Before I decide to write one from scratch I was wondering if the user authentication 

of say Django or any other python framework can be leveraged.

One option for me is to pick a google app account and then provide an interface to

allow user creation for my custom domain like us...@example.com but I figured

that beyond 10 users, Google Apps account charges $5 per user account. Thats

seems to be a lot of money just for user creation as they wont be using the other

add-ons that come with the Google App account.

Thanks

Pankaj

[Tim Hoffman]

Hi

I have implemented a custom authentication/authorisation using repoze.who and repoze.what wsgi middleware.
The core of the app used bobo but could have easily been webapp.

Rgds

T

[Felipe Meirelles]

Actualy the django login system works realy fine on appengine.

Take a look at http://www.allbuttonspressed.com/ and grab the djangoappengine project. They have "ported" both auth and admin module to appengine, as many other things in django.

I use it on two commercial applications on appengine and it works great.

--
You received this message because you are subscribed to the Google Groups "Google App Engine" group.
To post to this group, send email to google-a...@googlegroups.com.
To unsubscribe from this group, send email to google-appengi...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/google-appengine?hl=en.

--
Att,
Felipe Meirelles.

[Pankaj Chawla]

Thanks I will check it out. After I emailed, I was looking around and found

tipfy(http://www.tipfy.org/). Its supposedly a framework specifically for GAE

and it also supports multiple modes of authentication including datastore based.

Anybody has used it and have good/bad things to say about it.

BTW, my app on GAE will only be exposing a json based API that will be

used by a custom client built in Qt for desktop and maybe later a native

android/iPhone app. Are there any resources out there that talk about this

especially with respect to authentication, sessions etc as the API 

should only respond to authenticated users within a specific session.

I found a few pointers on stackoverflow.com but non that were extensive.

Thanks

Pankaj

[Felipe Meirelles]

Again, I use django+piston to serve Json with auth on Appengine. I'll take a look at tipfy too (:

Anyway, what made me go for django is the fact that if I need to go out of appengine for any reason I don't have to rewrite my app.

--
You received this message because you are subscribed to the Google Groups "Google App Engine" group.
To post to this group, send email to google-a...@googlegroups.com.
To unsubscribe from this group, send email to google-appengi...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/google-appengine?hl=en.

--
Att,
Felipe Meirelles.

[Tim]

On Wednesday, June 8, 2011 12:20:27 PM UTC+1, Pankaj Chawla wrote:

Thanks I will check it out. After I emailed, I was looking around and found

tipfy(http://www.tipfy.org/). Its supposedly a framework specifically for GAE

and it also supports multiple modes of authentication including datastore based.

Anybody has used it and have good/bad things to say about it.

I've only heard good things about tipfy - and have it on my "considerations" list if I need to open up my authentication models (the guys behind it also do a webapp enhancement/replacement called webapp2 that looks interesting if you don't need all of tipfy).

 

BTW, my app on GAE will only be exposing a json based API that will be

used by a custom client built in Qt for desktop and maybe later a native

android/iPhone app. Are there any resources out there that talk about this

especially with respect to authentication, sessions etc as the API 

should only respond to authenticated users within a specific session.

I found a few pointers on stackoverflow.com but non that were extensive.

This is the core of my app with regards to GAE - I have one page exposed for all my ajax calls with "authentication: required" - this page consists of a wrapper that checks the current user (as determined by the authentication framework/session management) is a proper account on my system (memcache memoisation of a datastore table of valid accounts), and then unpacks the POST payload to determine the API call and parameters to pass to the appropriate module. These modules in turn check the permissions of data being read/written depending on the type of call (ie many of my datastore objects have an "owner" field of the user object who created them).

--

T

[Sylvain]

Hi,

Currently, I use an "old" Tipfy module auth :
http://code.google.com/p/tipfy-ext-auth/source/browse/tipfy/ext/auth/model.py
and protorpc for the JSON message.
http://code.google.com/p/google-protorpc/

I've created a SessionMessage(session_id, user_id) that is sent in all
JSON request/response.

For the auth part : tipfy is probably the best choice because it can
use basic auth and FaceBook, Google,...

Sylvain

On Jun 8, 1:26 pm, Felipe Meirelles <poz...@gmail.com> wrote:
> Again, I use django+piston to serve Json with auth on Appengine. I'll take a
> look at tipfy too (:
> Anyway, what made me go for django is the fact that if I need to go out of
> appengine for any reason I don't have to rewrite my app.
>
>
>
>
>
>
>
>
>
> On Wed, Jun 8, 2011 at 8:20 AM, Pankaj Chawla <pankaj...@gmail.com> wrote:
> > Thanks I will check it out. After I emailed, I was looking around and found
> > tipfy(http://www.tipfy.org/). Its supposedly a framework specifically for
> > GAE
> > and it also supports multiple modes of authentication including datastore
> > based.
> > Anybody has used it and have good/bad things to say about it.
>
> > BTW, my app on GAE will only be exposing a json based API that will be
> > used by a custom client built in Qt for desktop and maybe later a native
> > android/iPhone app. Are there any resources out there that talk about this
> > especially with respect to authentication, sessions etc as the API
> > should only respond to authenticated users within a specific session.
> > I found a few pointers on stackoverflow.com but non that were extensive.
>
> > Thanks
> > Pankaj
>
> > On Wed, Jun 8, 2011 at 4:38 PM, Felipe Meirelles <poz...@gmail.com> wrote:
>
> >> Actualy the django login system works realy fine on appengine.
>

> >> Take a look athttp://www.allbuttonspressed.com/and grab the

> >> djangoappengine project. They have "ported" both auth and admin module to
> >> appengine, as many other things in django.
> >> I use it on two commercial applications on appengine and it works great.
>

> >> On Wed, Jun 8, 2011 at 6:14 AM, Pankaj Chawla <pankaj...@gmail.com>wrote:
>
> >>> Hi
>
> >>> I understand that google appengine supports user authentication using
> >>> google
> >>> accounts or openid or google app accounts. I am trying to build an
> >>> application
> >>> on appspot.com where the end user may not have google or openid accounts
> >>> and
> >>> hence need to support a custom user authentication with datastore based
> >>> users.
> >>> Before I decide to write one from scratch I was wondering if the user
> >>> authentication
> >>> of say Django or any other python framework can be leveraged.
>
> >>> One option for me is to pick a google app account and then provide an
> >>> interface to

> >>> allow user creation for my custom domain like u...@example.com but I

[andreas schmid]

hi,

atm Im implementing a custom authentication package based on tornado web server.
i decided to write my own sessions class and include it into my authentication handlers and a few decorators to restrict some parts of my app.

i am still developing so im open to check out new stuff.
tipfys auth package looks very nice but i would not like to use tipfy framework only for the auth part while all the rest is done with tornado web.

if anyone has some example of how to use these packages with webapp or tornado i would give it a shot. :)

[Pankaj Chawla]

Hi

Any reason why you didnt use the jsonrpc provided by tipfy? 

http://www.tipfy.org/wiki/extensions/jsonrpc/

Looks like tipfy auth+jsonrpc should be a good combination.

Cheers

Pankaj

[Robert Kluin]

I would also encourage you to strongly consider tipfy because Rodrigo
is very good about responding to questions.

Robert

[Sylvain]

Hi,

I've decided to use protorpc, which is a very good project.
I really like how to works.

Once this part will be finished, I'll see if I use tipfy, webapp2 (can use protorpc), tornado,... for the "web part".
I didn't look at jsonrpc but protorpc is so good I don't want to look at any other projects.

Regards