Authenticate Using Non Google Email Accounts

[Apurva Mehta]

Hello All,

Is it possible for me to authenticate users to my service using non-
gmail accounts. If someone wanted to login using their corporate email
account. Example: jo...@youtube.com. Ofcourse, it wont be tied to their
corporate password. It will just be a different password they create
for my web service.

Thanks.

[theillustratedlife]

If you are building an enterprise app internally, you can use Google
Apps tied to your company's domain to do this.

Of course, you can always write your own User class and use whatever
credentialing system you like for it. User is just an email,
password, and display name.

On Jul 2, 9:30 pm, Ashu <Mehta.Apu...@gmail.com> wrote:
> Hello All,
>
> Is it possible for me to authenticate users to my service using non-
> gmail accounts. If someone wanted to login using their corporate email

> account. Example: j...@youtube.com. Ofcourse, it wont be tied to their

[songokoussj2]

On 3 Jul., 06:30, Ashu <Mehta.Apu...@gmail.com> wrote:
> Hello All,
>
> Is it possible for me to authenticate users to my service using non-
> gmail accounts.

Have a look at appenginepatch (http://code.google.com/p/app-engine-
patch/). There we define our own user models to allow authentication
using non-gmail accounts.

[Waldemar Kornewald]

Actually, appenginepatch provides support for Django's auth framework
(and much more), so porting existing code becomes easier and you get a
familiar environment.

http://code.google.com/p/app-engine-patch/

Bye,
Waldemar Kornewald

[Filip]

Well, that "familiar" environment is not so familiar for some of us,
having just learned Python.

Is this login method secure on a non-SSL connection?

Filip.

[Iap, Singuan (Gmail)]

I used to work with Twisted and Zope.

Now I am learning to work with GAE.

 

One question in my mind:

Does GAE intend to be tightly binded with Django , or it is just a temporary stituation?

In other words, will GAE implement more and more modules (such as Datastore) for its own way,

or GAE would expect the developers to utilize those features in Django.

 

For me really want to know is: If I want to do some really productive projects (much complex than those demo),

should I learn GAE at the same time with Django,

Or I can put Django behind and waiting for GAE to become more and more fruitful?

Or...Twiwsted-or-even-Zope3- style features will be supported in the future (!!! too greedy)

 

Appreciate for any comments.

 

Iap

 

 

[nchauvat (Logilab)]

> Does GAE intend to be tightly binded with Django , or it is just a temporary stituation?

My opinion is http://www.logilab.org/blog/5216

[Jon Brisbin]

I'm in a similar quandry. At the moment, I'm focusing on Django, rather
than plain GAE. To be honest, GAE (by itself) doesn't have enough
"parts" to it yet to suit a reasonably comprehensive application.
There's too much stuff at a really low level that has to be done. It's
like writing CGI programs again, only not running SQL, but using the
DataStore. There's a smattering of MVC and a sprinkle of Separation of
Concerns. But it's a fuzzy mish-mash and not a coherent stack. At least
it seems that way to me.

I like the DataStore and the scalability much more than using a pure
Django solution. It's what's drawn me to GAE in the first place. But
there just aren't enough tools yet to make working with straight GAE
productive for me. With Django, I can lean on a full suite of helpers
(Models, Forms, etc...although it's difficult for me wrap my mind around
how I can use bits and pieces of Django and bits and pieces of GAE). If
I use Django, I can at least get an application going that implements
what I've got in my head. Once it works, I can look at how that will
work within the constraints of GAE.

I'm not a rocket scientist. I know that it takes me a little longer than
it does others to understand new programming paradigms. I can live with
that. But the lack of comprehensive documentation and a really "fuzzy"
feeling of how things should be done in GAE (everyone's got their own
opinions on how you should write GAE apps) makes working with it hard
for someone just trying to understand how the blasted thing works. At
least with Django I can lean on a proven development model that I can
understand and that is well-documented.

I know a lot of this is due to its newness. It's an up-and-comer--and
Google doesn't start things they can't finish. I'm sure it will
eventually be "THE way to write Web 3.0 apps". But I can't wait until then.

Thanks!

Jon Brisbin
http://jbrisbin.com

[Waldemar Kornewald]

Hi,

On 3 Jul., 13:24, Filip <filip.verhae...@gmail.com> wrote:
> Well, that "familiar" environment is not so familiar for some of us,
> having just learned Python.

My point was that for those who already know Django appenginepatch
makes it familiar. Especially, now that we have manage.py support.

> Is this login method secure on a non-SSL connection?

That method is as secure as logging into any other non-SSL-encrypted
server. How do you want to make it more secure than that without
requiring special browser plugins? Well, you could use OpenID, so your
password gets transferred to an SSL-secured provider.

Bye,
Waldemar Kornewald

[N. Rosencrantz]

This is my authentication code for http://classifiedsmarket.appspot.com,
without Django. Instead of Django I use Mako with my own SHA-1
authentication in addition to the google accounts I am thinking about
using Django but I'd rather see Mako supporting more features than
adding another 1000 files to the project just to be able to do
something which one can do with a few files.

import hashlib
crypted_password = db.StringProperty()
salt = db.StringProperty()
def __encrypt(self, plaintext, salt=""):
"""returns the SHA1 hexdigest of a plaintext and salt"""
phrase = hashlib.sha1()
phrase.update("%s--%s" % (plaintext, salt))
return phrase.hexdigest()

def set_password(self, new_password):
"""sets the user's crypted_password"""
if not self.salt:
self.salt = self.__encrypt(str(datetime.datetime.now()))
self.crypted_password = self.__encrypt(new_password,
self.salt)

def check_password(self, plaintext):
return self.__encrypt(plaintext, self.salt) ==
self.crypted_password

[Ross Ridge]

You can authenticate using a Google Account and a Google Account can
be associated with a non-Gmail e-mail addresses.

Ross Ridge

[Filip]

Ross,

Care to elaborate on that last part? Do you mean you can use a Google
Apps email for your own domain, or did you have something else in
mind?

Filip.

On 4 jul, 07:20, Ross Ridge <rri...@csclub.uwaterloo.ca> wrote:
> Ashu wrote:
> > Is it possible for me to authenticate users to my service using non-
> > gmail accounts. If someone wanted to login using their corporate email

> > account. Example: j...@youtube.com. Ofcourse, it wont be tied to their

[Filip]

Maybe I'm missing something. Does this code not presuppose that the
password has been sent in cleartext to the server?

Have you considered encrypting the password in the browser before
sending it (like with JavaScrypt - http://www.google.be/search?q=javascrypt)?

Filip

On 4 jul, 06:28, niklasr <nikla...@gmail.com> wrote:
> This is my authentication code forhttp://classifiedsmarket.appspot.com,

[Ross Ridge]

Ross Ridge <rri...@csclub.uwaterloo.ca> wrote:
> You can authenticate using a Google Account and a Google Account can
> be associated with a non-Gmail e-mail addresses.

Filip wrote:
> Care to elaborate on that last part? Do you mean you can use a Google
> Apps email for your own domain, or did you have something else in
> mind?

You can create a Google Account using any existing, valid, e-mail
address you may have. You're not required to use a Gmail e-mail
address, nor do you have to use Google Apps or any other Google
service. I've never used Gmail, don't have anything set up with
Google Apps, and I can log in to Google App Engine using
rri...@csclub.uwaterloo.ca.

Ross Ridge

[Mike Orr]

You mention google.appengine.api.datastore as being the best base for
frameworks to develop on, rather than db.Model and GQL. However, I
haven't been able to find any documentation on them besides the
docstrings; everything seems to be geared toward db.Model. Do you
know of any Howtos or examples for using the raw Datastore API?

--
Mike Orr <slugg...@gmail.com>

[nchauvat (Logilab)]

On 4 juil, 23:45, "Mike Orr" <sluggos...@gmail.com> wrote:
> Do you know of any Howtos or examples for using the raw Datastore API?

Read the source :)

[nchauvat (Logilab)]

On 3 juil, 09:05, theillustratedlife <toonscr...@nvbell.net> wrote:
> Of course, you can always write your own User class and use whatever
> credentialing system you like for it.  User is just an email,
> password, and display name.

If you need an example, take a look at http://lax.logilab.org that
implements both Google Account and app specific authentication.

Start with ginco/entities/authobjs.py then grep for EUser.

[Mike Orr]

That's not very helpful. :( The source doesn't tell you which objects
to learn first or how to put them together. It also doesn't tell you
what's supported long-term vs what's a quirk of the current
implementation. But I guess the answer is, raw Datastore is
undocumented.

--
Mike Orr <slugg...@gmail.com>

[nchauvat (Logilab)]

On 6 juil, 22:21, "Mike Orr" <sluggos...@gmail.com> wrote:
> But I guess the answer is, raw Datastore is undocumented.

True if you call undocumented something that does not have a tutorial
and a reference manual. False if you call documented something with a
lot of comprehensive docstrings. Try to run pydoc on the source and
you will get a readable document.

At Google-IO I was told something like "we do not plan on promoting
this interface for we consider it a bit too low-level, but chances are
it will not change much nor often". You may try to ask the AppEngine
team for an official position, but usually they are pretty careful
before making commitments about what they will support or deliver...

[N. Rosencrantz]

The purpose with the code was to avoid storing non-google passwords in
clear text. Eavesdropping is more difficult to prevent. Mine must work
without javascript. But it's not excluding encyption in the client as
well, someone could implement that.

Niklas

On Jul 4, 9:39 am, Filip <filip.verhae...@gmail.com> wrote:
> Maybe I'm missing something. Does this code not presuppose that the
> password has been sent in cleartext to the server?
>
> Have you considered encrypting the password in the browser before

> sending it (like with JavaScrypt -http://www.google.be/search?q=javascrypt)?