Google Apps Authentication for our Admin Panel.

61 views
Skip to first unread message

Aakash Bapna

unread,
Apr 29, 2015, 4:14:30 AM4/29/15
to google-a...@googlegroups.com

The public facing site uses our custom auth (Facebook connect), admin panel uses Google accounts Auth.

We wanted to restrict access to our admin panel, so we gave login:admin in app.yaml for /admin routes,  it was working for the time being.

Now we want more people in the company(Google Apps managed) to access the admin panel.
Isn't there a "login:domain"  ?

I was trying to change authentication to Google Apps for my application and set "login:required", but the old console on appengine.google.com doesn't let me do so.
It gives a warning about existing "User" properties in datastore.

Screenshot -


However the new console doesn't show any warning. 
Screenshot-

I am not sure whether I should go ahead and change this and not have any effect on users on our production site.

Are there are any better ways to set this up?
Custom auth on production, Google Apps auth for admin panel.

Patrice (Cloud Platform Support)

unread,
May 19, 2015, 12:45:19 PM5/19/15
to google-a...@googlegroups.com, Aakash Bapna
Hey!

You either have two choices here, since, indeed, login:domain doesn't exist.

You can either keep "login:admin" and add the members you want as owners on the project, or have "login:required" and anyone who is authenticated will be able to get to your admin routes.

Do you have Users entities in the datastore?

Cheers

Aakash Bapna

unread,
May 19, 2015, 1:11:59 PM5/19/15
to google-a...@googlegroups.com
Yes, I do have "User" entities in datastore. 

have "login:required" and anyone who is authenticated will be able to get to your admin routes.

​Not what I want, ​
 
​any global handler I can put in code to restrict login to my domain accounts​?


Regards,
Aakash

--
You received this message because you are subscribed to a topic in the Google Groups "Google App Engine" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/google-appengine/sn4ZDgGfCeE/unsubscribe.
To unsubscribe from this group and all its topics, send an email to google-appengi...@googlegroups.com.
To post to this group, send email to google-a...@googlegroups.com.
Visit this group at http://groups.google.com/group/google-appengine.
To view this discussion on the web visit https://groups.google.com/d/msgid/google-appengine/51c1ed14-200e-41d8-a9e4-5944a4ac52af%40googlegroups.com.

For more options, visit https://groups.google.com/d/optout.

Patrice (Cloud Platform Support)

unread,
May 19, 2015, 1:42:03 PM5/19/15
to google-a...@googlegroups.com, Aakash Bapna
Hi Aakash,

Unfortunately, no, the closest one would be the login:required with a Google Apps domain, but since you have Users in your datastore....

The next best thing would be to have a snippet inside your handler checking who the user is and redirecting to the proper place based on that.

Regards,
Aakash

To unsubscribe from this group and all its topics, send an email to google-appengine+unsubscribe@googlegroups.com.
To post to this group, send email to google-appengine@googlegroups.com.
Reply all
Reply to author
Forward
0 new messages