Social Login for AppScale

[Thejesh GN]

Hello,

I am migrating a python application from AppEngine to AppScale. The app runs as per expectation on AppScale except for the auth part. The auth by default is handled by AppScale. I am planning to implement social login. 

Q1: Whats the easiest way to make AppScale to work with social login like FB's or Google's? Is there an how-to that I can use?

Q2: If there is nothing and If I have to implement myself whats the best way? 

-- Modify AppDashboard/dashboard.py

-- Modify AppDashboard/lib/app_dashboard_helper.py

-- Modify AppDB/soap_server.py

To change the flow and include extra attributes that I might need?

Regards,

Thej

Note: The existing apps uses "from google.appengine.api import users" for all user services.  

[Graziano Obertelli]

Hello Thej,

you may want to look at recent merge we did to support Shibboleth. It
should give you an idea of what we did to allow the users API to work
using a different auth service. If you look at
https://github.com/AppScale/appscale/commits/master?page=5 and search
for Shibboleth you may find some pull requests, around May 26, 2015.
You are on the good path with the list of files to change you have :)

Let us know if we can help with any specific. Are you planning to
implement it so we can merge it in AppScale? If so, let us know the
branch on github so we can try to help you along the way.

cheers,
graziano

> --
> You received this message because you are subscribed to the Google
> Groups "AppScale Community" group.
> To unsubscribe from this group and stop receiving emails from it,
> send an email to appscale_commun...@googlegroups.com.
> To post to this group, send email to
> appscale_...@googlegroups.com.
> Visit this group at http://groups.google.com/group/appscale_community
> .
> For more options, visit https://groups.google.com/d/optout.
--
Graziano Obertelli
AppScale Systems, Inc.

[Thejesh GN]

Dear Graziano,

Yes, I want to contribute back to AppScale. I will implement first on the 

https://github.com/thejeshgn/appscale and then will send a pull request once I am confident.

Thanks for the Shibboleth reference. 

Can you comment on the below steps please 

My implementation idea is

1. Support only oauth2 and not oauth1

2. Have a file called oauth_helper.py inside https://github.com/thejeshgn/appscale/tree/master/AppDashboard/lib folder for all the oauth related methods

It will mainly have 3 methods:

#Returns Auth URL to which we will forward

get_auth_url

#Process the callback once auth is done and get the token

process_callback

#Using the token get the user's EMAIL

get_user

3. I will modify the dashboard to use the above oauth login if USE_OAUTH  settings is True

4. As of now the settings are in a dict inside my helper, for example: for Google Plus

PROVIDERS = {
	'googleplus': {"type":"oauth2",
	"auth_url":"https://accounts.google.com/o/oauth2/auth",
	"token_url":"https://accounts.google.com/o/oauth2/token",
	"profile_email_url":"https://www.googleapis.com/plus/v1/people/me",
	"client_id":"",
	"client_secret":"",
	"scope":['https://www.googleapis.com/auth/userinfo.email'],
	"optional_params":{"access_type":"offline", "approval_prompt":"force"} # {'<parameter_name>': '<value>'} that needs to be sent
	}
	}

I need a way to externalize it. Where should that go?

Let me know if the flow is okay. I will try and add this during this week?

Is there a slack or irc chat room where I can converse with other developers.

> send an email to appscale_community+unsub...@googlegroups.com.