HTTP Digest authentication for AppEngine?

[Tommy Knowlton]

As part of my app engine app, I'm trying to implement a WebDAV server so that users can interact with my app's blobstore using their native desktop file browser (i.e., Mac Finder.app and Windows Explorer.exe).

WebDAV clients, per RFC 4918, authenticate (if at all) via HTTP Digest authentication, and I can see that I could implement this authentication method in my app only if I forego my preference for Google accounts in my app. As it is, when delegating authentication to Google accounts, Finder.app (as WebDAV client) can't correctly process the HTML authentication form that is presented on the initial request.

It would be really great for my use case if some means could be added, maybe in the app.yaml handlers section, to configure HTTP Digest authentication for a chosen request path. It seems to me that the same mechanism that is currently available, that checks for a session cookie and issues the redirect to the Google account login form could instead supply the HTTP Digest nonce and challenge, along with the 401 status response to the initial unauthenticated request.

I suspect there are other use cases that would benefit by an HTTP Digest authentication option, and I'm curious to know if there are other developers who want this, and what's the likelihood AppEngine will eventually incorporate such an option?

Even better would be if someone could explain how I can already do this using existing support in AppEngine :)

Thanks,

Tommy K

[Tommy Knowlton]

Submitted feature request 7234.

[alex]

What's wrong with using a custom auth handler and decorator like @digest_auth_required? (if it's python, webapp2 is a great thing to go with)

[Tommy Knowlton]

alex, Thanks for your reply.

I am using python, and webapp2, but this is the first that I've heard of a thing called @digest_auth_required. Indeed, searching the webapp2 source code supplied with the sdk, I can't find a declaration like that. Also, Google search doesn't turn up anything that points me at its documentation. Can you please send me a link to documentation, or a file and line number in webapp2 source code, where you found the decorator?

Also, with regard to using a custom auth handler, it is my very strong preference, if I can figure out how to accomplish it, to allow my users to use their existing Google accounts and completely delegate identity management to Google. I am considering implementing custom authentication as a last resort at this point. (Understanding, of course, that at this point it may be the only path available to me).

Thanks,

Tommy K

--
You received this message because you are subscribed to the Google Groups "Google App Engine" group.

To view this discussion on the web visit https://groups.google.com/d/msg/google-appengine/-/IXVY3yUc0zYJ.

To post to this group, send email to google-a...@googlegroups.com.
To unsubscribe from this group, send email to google-appengi...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/google-appengine?hl=en.

[alex]

In fact, I was talking about a custom solution using http://webapp-improved.appspot.com/api/webapp2_extras/auth.html#module-webapp2_extras.auth and http://webapp-improved.appspot.com/api/webapp2_extras/appengine/auth/models.html#module-webapp2_extras.appengine.auth.models

See this as an example: http://code.google.com/p/webapp-improved/issues/detail?id=20#c1

As for @digest_auth_required - it doesn't exist but it's fairy simple to implement (I think you'll just need to properly handle Authorization header). It would be exactly what webapp2 already has (using Users GAE service) - http://webapp-improved.appspot.com/api/webapp2_extras/appengine/users.html#module-webapp2_extras.appengine.users but using the Digest algorithm.

I've just found this:

http://stackoverflow.com/questions/1499832/python-webapp-google-app-engine-testing-for-user-pass-in-the-headers

- I think it's something very much similar to what you're looking for but the example actually does HTTP Basic.

Tommy K

To post to this group, send email to google-appengine@googlegroups.com.
To unsubscribe from this group, send email to google-appengine+unsubscribe@googlegroups.com.