How to implement identity provider?

[Pengcheng Yin]

Hello, community! I am developing an app on Android, GAE as backend, I want to implement user account services, which I mean login/register. All solutions I can find are using Google account, but I only want to use my own account system. It seems impractical for me to implement all the authentication protocols. Any idea how should I do this? Thanks.

[Nick (Cloud Platform Support)]

Hi Pengcheng,

It's quite possible to find tutorials online on implementing your own login form, storage of usernames and passwords, hashed salting of stored passwords, etc. However the convenience of implementing federated login schemes is what actually makes them attractive. You should check out http://gae-login-explainer.appspot.com/#section_Google_signin and the Google Identity Platform Docs to see how easy it can be to implement sign-in without having to bother with much authentication flows and security details yourself.

Best wishes,

Nick

[Pengcheng Yin]

Thanks, Nick. I know it's very convenient to use signin with Google account, I just wish to implement my own user account system. Hope Google will make it eaiser for developers.

[Nick (Cloud Platform Support)]

Hi Pengcheng, 

There are many frameworks and systems out there which allow you to implement your own login / authentication / user account system. The only real limit is your imagination and google searches. However, if you have a specific Feature Request to make, feel free to open a Feature Request Issue in the public issue tracker.

Best wishes,

Nick

[Cameron Blackwood]

This makes me wonder if there is any library that offers either directions or code for auth'ing pages via twitter, linkedin, steam, facebook, google, and/or any other providers.

This is not a wheel that i want to re-implement myself. ;-)

[Nick (Cloud Platform Support)]

Hey Cameron,

I definitely hear you on that last sentence. These days a lot of the pain has been taken out by the implementation of protocols like OAuth2 and OpenID Connect. Each identity provider has its own docs on how to quickly implement a sign-in button, get profile info, etc. There are also libraries like passport.js which try to abstract over these variations. These days OpenID Connect seems to be gaining a lot of traction. 

Best wishes,

Nick

[Cameron Blackwood]

On Thursday, 20 August 2015 09:47:17 UTC+10, Nick (Cloud Platform Support) wrote:

Hey Cameron,

I definitely hear you on that last sentence. These days a lot of the pain has been taken out by the implementation of protocols like OAuth2 and OpenID Connect. Each identity provider has its own docs on how to quickly implement a sign-in button, get profile info, etc. There are also libraries like passport.js which try to abstract over these variations. These days OpenID Connect seems to be gaining a lot of traction. 

Doh! "OpenID feature has been deprecated and is going to be removed"

 

This seems like it would be a popular thing for appengine projects. Is there anywhere we can make suggestions for additions to the appengine support libraries? :)

[Jeff Schnitzer]

OpenID != OpenID Connect (confusing, I know)

If you want a canned solution for multiple party federated auth, Google Identity Toolkit seems to be the easiest path. But if you can pick one and one only (most likely Facebook or Google), you'll save yourself a lot of trouble. Most businessy apps can get away with Google auth only. The Google sign in javascript library is really easy to use, and verifying identity on the server side is pretty straightforward too.

Jeff

--
You received this message because you are subscribed to the Google Groups "Google App Engine" group.
To unsubscribe from this group and stop receiving emails from it, send an email to google-appengi...@googlegroups.com.
To post to this group, send email to google-a...@googlegroups.com.
Visit this group at http://groups.google.com/group/google-appengine.
To view this discussion on the web visit https://groups.google.com/d/msgid/google-appengine/6dda44a8-ffad-4bc4-96ba-d79c91b74283%40googlegroups.com.

For more options, visit https://groups.google.com/d/optout.

[Patrice (Cloud Platform Support)]

Hi Cameron,

As a side note to your question for suggestions, the proper place for that would be the issue tracker for app engine, found here. Mind you it's currently read-only because of maintenance, but it should be restored soon.

Cheers!