Shell script authentication to appengine with oauth2

[Cameron Blackwood]

Does anyone have an official/recommended oauth2 command line python script example which can authenticate a user in an appengine project? Ie, one that sets google.appengine.api.get_current_user()?

I had a script which used the old clientlogin interface to log into a page to extract stats, but that is now depreciated and now we have to switch to oauth2.

Im hoping that I dont have to modify my appengine app to enable use/setting of the user variable in appengine. I mean it's auth'ing a google account through google infrastructure, so in theory google's front end should be able to do the oauth2 redirects and such forth before it passes the request on to my appengine project, shouldnt it?

I have a working commandline script which can use oauth2 to login (it gives you a url to visit, you auth there in a browser and enter a magic string and that seems to work).

I guess im asking:

  * is there a magic google oauth scope which sets the user for an appengine script? or do i have to totally roll my own appengine oauth
  * is there a 'reference' example for the minimal *command line* (non browser) script settings to authenticate a user for appengine?




[Nick (Cloud Platform Support)]

Hey Cameron,

I'm not quite sure what you're asking here. Do you mean that you're running a python script in a development environment and would like to auth against our production oauth servers with an actual account? Or something else?

Cheers,

Nick

Cloud Platform Community Support

[Cameron Blackwood]

I have a deployed and working appengine project.
I had a command line python script (using clientlogin) that used to authenticate as a google user and pull data/reports.

I have a command line script that can do the oauth2 validation (gives you a url, you login and paste back in a validation string) but there are so many scopes and none of them seem to set google appengine's user which seems to be passed from googles magic front end. User is access via via google.appengine.api.users.get_current_user() and documented here https://cloud.google.com/appengine/docs/python/users/

I am looking to fix the script to work with oauth2 (as clientlogin is no longer supported) and I am:

  * is it possible to use oauth2 to set the user *without* fully implementing oauth2 callbacks in my appengine project (i am just using google accounts and the user seems to be set before my appengine project gets called)

  * if so, what is the scope scope needed to set the user variable (there are quite a few and i have had no luck with the google appengine ones that seem to me to be relevant https://developers.google.com/oauthplayground/)





[Adam (Cloud Platform Support)]

The two scopes which can be used to return a user info object are listed under the Google OAuth2 API v2:

https://www.googleapis.com/auth/userinfo.email

https://www.googleapis.com/auth/userinfo.profile

You can use either or both depending on what additional user information you want. The API call is a GET request to either of these request URIs:

https://www.googleapis.com/oauth2/v2/userinfo

https://www.googleapis.com/userinfo/v2/me

The response object looks like the following:

{
  "family_name": "Last name",
  "name": "Display name",
  "picture": "https://lh6.googleusercontent.com/abc123/photo.jpg",
  "locale": "en",
  "email": "em...@domain.com",
  "given_name": "First name",
  "id": "11223344556677889900",
  "hd": "google.com",
  "verified_email": true
}

The OAuth2 flow for a script that doesn't have a web server to handle a callback is done by manually inputting the authorization code in the terminal after the browser flow completes. An example is given in the documentation for the Google API Python Client Library.