Protorpc and webapp2 auth/sessions
46 views
Skip to first unread message
dro...@yahoo.com
Feb 12, 2014, 6:10:52 PM2/12/14
to google-prot...@googlegroups.com
I'd like to authenticate xmlhttprequests using the webapp2 authentication api and, if successful, forward the request on to the protorpc service to process and respond. I've read some posts related to this issue but have been unable to find a solution. I think the webapp2 WSGIApplication that receives the request and routes it to a handler creates a request object that the wsgi service provided by protorpc cannot process.
At this point, I may just move my protorpc services to webapp2 handlers and deal with the requests there. But i thought I'd check here first as I like the protorpc approach of message classes and message/field authentication capability.
Can anyone suggest a solution? Or maybe some insight into the development status of protorpc? It seems the difficulty of working with webapp2 and protorpc in the app engine has been an issue for a while.
thanks.
Rafe Kaplan
Feb 13, 2014, 2:39:42 PM2/13/14
to google-prot...@googlegroups.com
ProtoRPC was originally written to take advantage of webapp 1 but
practically speaking having an extra layer was inefficient and
problematic. Also, webapp2 was written in a way that is incompatible
with ProtoRPC web handler, so ideally you should only use the wsgi
handler implementation under protorpc.wsgi.
But that doesn't mean we can't solve this problem.
I'm not familiar with the authentication api that you are using.
Can you give me a reference to it?
> --
> You received this message because you are subscribed to the Google Groups
> "ProtoRPC Discuss" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to google-protorpc-d...@googlegroups.com.
> For more options, visit https://groups.google.com/groups/opt_out.
--
- Rafe Kaplan
practically speaking having an extra layer was inefficient and
problematic. Also, webapp2 was written in a way that is incompatible
with ProtoRPC web handler, so ideally you should only use the wsgi
handler implementation under protorpc.wsgi.
But that doesn't mean we can't solve this problem.
I'm not familiar with the authentication api that you are using.
Can you give me a reference to it?
> You received this message because you are subscribed to the Google Groups
> "ProtoRPC Discuss" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to google-protorpc-d...@googlegroups.com.
> For more options, visit https://groups.google.com/groups/opt_out.
--
- Rafe Kaplan
Message has been deleted
dro...@yahoo.com
Feb 14, 2014, 5:59:01 PM2/14/14
to google-prot...@googlegroups.com
I use the webapp2 Auth module, http://webapp-improved.appspot.com/api/webapp2_extras/auth.html
combined with the User Model, http://webapp-improved.appspot.com/api/webapp2_extras/appengine/auth/models.html
to handle authentication.
I'm also using the Session module, http://webapp-improved.appspot.com/api/webapp2_extras/sessions.html,
to store user-related data in a secure cookie.
So when a request arrives, I can call the Auth method get_user_by_session() and the user model and related
session data is available to my handler. This works pretty well out of the box and has saved me the time of developing
my own system (which i think isn't easy to do well/securely). I considered the GAE built-in Users api, but decided
against it because I need my own accounts for certain user types.
So that's where I am today. I built my protorpc handlers to authenticate based on passing user ids as a field in the message
but I'd rather implement a unified approach that relies on cookies and hopefully allows me to leverage the webapp2 auth stuff.
Most of my protorpc directed requests come from my Firefox plugin as XMLHttpRequests. I can't use GAE Endpoints because
it requires loading a set of javascript files that won't work in the mozilla extension environment.
Thanks for considering the issue. David
Reply all
Reply to author
Forward
0 new messages