webapp2 muti-auth

[Kyle Finley]

Rodrigo,

I would like to begin work on adding mutil-auth to webapp2.

My immediate need is for username/email and password, so that's were I would like to begin. Did you have a particular implementation in mind? Are you happy with tipfy's User model and middleware, or would you prefer webapp2 takes a different approach? 

In the previous thread you stated that you would like to use external libraries for oauth and openid. Are there any example project (maybe in django) that you could point me to that have a successful interface, that we could copy.

I plan on using ndb for the User model and also allow for multiple accounts. Here's a sample.

I'll probably end up creating this as a separate module that can later be merged into webapp2_extends, I want to make sure that I'm implementing it in a manner that's consistant with your goals, so any direction that you can give is greatly appreciated.

Thanks,

Kyle

[Rodrigo Moraes]

On Jul 1, 10:47 pm, Kyle Finley wrote:
> I would like to begin work on adding mutil-auth to webapp2.
>
> My immediate need is for username/email and password, so that's were I would
> like to begin. Did you have a particular implementation in mind? Are you
> happy with tipfy's User model and middleware, or would you prefer webapp2
> takes a different approach?

I have a draft and partial implementation for a simplified API. I have
to take a better look at it then will let you know if it is worth.

webapp2 doesn't use handler middleware like in tipfy. Not by default;
it is simple to implement but it is left to users. See in the session
API docs that there's a kind of 'handler middleware' in the example,
set directly in dispatch() where sessions are saved. It's do-it-
yourself. The idea for an auth module would be to provide helpers for
authentication but be more diy.

> In the previous thread you stated that you would like to use external
> libraries for oauth and openid. Are there any example project (maybe in
> django) that you could point me to that have a successful interface, that we
> could copy.

Maybe good examples would be Flask-OAuth [1] and Flask-OpenId [2],
which use python-oauth2 [3] and python-openid [4]. gorakhargosh is
working on a new oauth lib [5] but it is still a work in progress.

> I plan on using ndb for the User model and also allow for multiple accounts.

> Here's a sample <https://gist.github.com/1059647>.

Cool. I also made a ndb user model a while ago, and one thing I added
was multiple session support (login on multiple machines), which
tipfy.auth doesn't handle and was a feature request. Again, I have to
take a better look at it and publish this somewhere.

> I'll probably end up creating this as a separate module that can later be
> merged into webapp2_extends, I want to make sure that I'm implementing it in
> a manner that's consistant with your goals, so any direction that you can
> give is greatly appreciated.

That would be great. Keeping it separated until we solidify an API is
probably the best. I'll see what I have so far and let you know.

-- rodrigo

[1] http://packages.python.org/Flask-OAuth/
[2] http://packages.python.org/Flask-OpenID/
[3] https://github.com/simplegeo/python-oauth2/
[4] http://pypi.python.org/pypi/python-openid/
[5] https://github.com/gorakhargosh/pyoauth/

[Kyle Finley]

Thank you for the clarification and direction. If you end up publishing your partial implementation and ndb User model somewhere please let me know. I'll post back here once I have some working code.

Kyle

[Rodrigo Moraes]

The model is now here:

http://code.google.com/p/webapp-improved/source/browse/#hg%2Fexperimental

This is untested. It is an adaptation of something I've done a while
ago. I cleaned it up a bit. See if it is useful, let me know if you
have questions.

-- rodrigo

[Kyle Finley]

Wow! some nice additions. The UserToken really opens up a lot of possibilities.

Thank you,

Kyle

Very usefulll, thankyou

> --
> You received this message because you are subscribed to the Google Groups "tipfy" group.
> To post to this group, send email to ti...@googlegroups.com.
> To unsubscribe from this group, send email to tipfy+un...@googlegroups.com.
> For more options, visit this group at http://groups.google.com/group/tipfy?hl=en.
>

[Rodrigo Moraes]

Hi,

I've been working on an authentication/authorization high-level API
for webapp2. The idea is not to provide utilities to:

- authenticate users using password
- authorize users using tokens (for own services or 3rd parties)
- persist user sessions for the methods above

There will be some rounds of feedback to see if everything is ok and
cover common use cases, so consider the API not stable. Test coverage
is still not full (about 80% right now) but should be complete by the
end of the day. I plan to add some examples to the docs, then. Just
wanted to let you know in case you're eager looking for it.

Stay tuned to the repo and where there're some docs, please try it and
let me know if you have problems. :)

The module is:

http://code.google.com/p/webapp-improved/source/browse/webapp2_extras/auth.py

-- rodrigo

[Rodrigo Moraes]

On Jul 28, 3:03 pm, Rodrigo Moraes wrote:
> I've been working on an authentication/authorization high-level API
> for webapp2. The idea is not to provide utilities to:

Uh, who changed that line? I meant *The idea is to provide utilities
to*...

:-)

-- rodrigo

[Dan]

Gnomes. Gnomes changed that line. :P

-- rodrigo

[Kyle Finley]

Thanks Rodrigo,

Very nice. I'm still working on integrating it, but so far so good. The use of tokens really open up a lot of possibility, especially with api centric apps.

What are you thoughts on integration with google.appengine.api.users User? Would you suggest using the built in support for OpenID and connect to the user model? The only reason I ask is because some services seem rely on App Engine Users (i.e. OAuth).

Thank you for all of your hard work,

Kyle