ProtoRPC and authentification

[Carsten Germer]

Hi there everyone,

I'm building a database/webservice system with Python, the usual, Json, Rest, tasks, rpc, yada yada - nothing too special.

After prototyping a combination of flask, oauth, celery, kombu, rabbitmq etc. I turned to GAE to see if everything I need is possible there also.

Everything looks perfect so far but I can't seem to find any info on how to secure ProtoRPC for my case.

The scenario is quite simple, every request to our service, rpc or rest, can only be allowed by clients which have authenticated with a different remote service.

My initial idea is to connect this via oauth: Client authenticates the usercredentials with remote-service and gets a ticket, client accesses our rest and rpc on GAE with this ticket.

My question seems related to https://groups.google.com/forum/?fromgroups=#!topic/google-protorpc-discuss/GHJAwtFX_nY

but since there is no conclusion after sbonhams last message on 13.9.11 and my scenario is a little different (no google-stored-users involved anywhere) I'm posting a new thread.

Can anyone confirm that what I want to do is possible? Point me to a resource where I can read up to how I can tackle this?

That would be great! Cheers /Carsten

[Carsten Germer]

Addendum: I know I could just hand tickets around as a parameter but I guess I'm missing an "offcial" way here?

[Carsten Germer]

Got it to work the "Addendum" way. closed.

[Rafe Kaplan]

There is not yet an official way. Been meaning to add a way to add
layers to the HttpTransport however, I have not had the opportunity...
quite obviously.

From the server side, OAuth is relatively easy. If you are running
on App Engine, you could use the existing oauth.

From the server side, are you calling from an app engine application
or somewhere else?

No, ProtoRPC does not have a good solution for auth right now :(

--
- Rafe Kaplan