OpenId "reference" implementation
Roberto
I am starting to migrate my existing Python GAE app from Google
Account to OpenId authentication.
I would like to know if a "reference implementation" of a GAE app
using OpenId authentication is available.
Thanks
Roberto
Robert Kluin
I have not tried it personally yet, but I think OpenID
authentication is supposed to behave basically the same as Google
Accounts authentication. Several people have posted that you only
need to switch, and existing 'stuff' should continue working.
Have you seen something different?
Robert
> --
> You received this message because you are subscribed to the Google Groups "Google App Engine" group.
> To post to this group, send email to google-a...@googlegroups.com.
> To unsubscribe from this group, send email to google-appengi...@googlegroups.com.
> For more options, visit this group at http://groups.google.com/group/google-appengine?hl=en.
>
>
Scott Ellis
This webpage has a redirect loop.
The webpage at http://wassuptime.appspot.com/_ah/login_required?continue=http://wassuptime.appspot.com/_ah/login_required?continue=http://wassuptime.appspot.com/_ah/login_required?continue=http://wassuptime.appspot.com/_ah/login_required?continue=http://wassuptime.appspot.com/_ah/login_required?continue=http://wassuptime.appspot.com/_ah/login_required?continue=http://wassuptime.appspot.com/_ah/login_required?continue=http://wassuptime.appspot.com/_ah/login_required?continue=http://wassuptime.appspot.com/_ah/login_required?continue=http://wassuptime.appspot.com/_ah/login_required?continue=http://wassuptime.appspot.com/_ah/login_required?continue=http://wassuptime.appspot.com/_ah/login_required?continue=http://wassuptime.appspot.com/_ah/login_required?continue=http://wassuptime.appspot.com/_ah/login_required?continue=http://wassuptime.appspot.com/_ah/login_required?continue=http://wassuptime.appspot.com/_ah/login_required?continue=http://wassuptime.appspot.com/_ah/login_required?continue=http://wassuptime.appspot.com/_ah/login_required?continue=http://wassuptime.appspot.com/_ah/login_required?continue=http://wassuptime.appspot.com/_ah/login_required?continue=http://wassuptime.appspot.com/_ah/login_required?continue=http://wassuptime.appspot.com/ has resulted in too many redirects. Clearing your cookies for this site or allowing third-party cookies may fix the problem. If not, it is possibly a server configuration issue and not a problem with your computer.
Scott Ellis
Scott Ellis
Ross M Karchner
Scott Ellis
On 5/29/10, Ross M Karchner <rosska...@gmail.com> wrote:
> Yeah, that's what you need to do if you plan on giving people provider
> choices.
>
> You could do it that way, or you could accept the openID url as form input,
> do the create_login_url, and redirect to the generated URL.
>
> On Fri, May 28, 2010 at 2:04 PM, Scott Ellis <ma...@scottellis.com.au> wrote:
>
>> It says in the docs for 'create_login_url' that if I provide
>> federated_identity then "the user will be redirected to your app's sign-in
>> page for OpenID"...is this something different to the page provided by the
>> handler for _ah/login_required? Does it mean that I should not be serving
>> up
>> a form, but rather a page full of links (for different providers) created
>> using 'create_login_url'?
>>
>>
>> On 29 May 2010 03:39, Scott Ellis <ma...@scottellis.com.au> wrote:
>>
>>> Oh...maybe this is just a bad time to try?
>>>
>>>
>>> On 29 May 2010 03:29, Scott Ellis <ma...@scottellis.com.au> wrote:
>>>
>>>> I have.
>>>>
>>>> I turned on openid auth in the app engine console, and without any
>>>> changes to my app I got a redirect loop (for the '/' url which is set to
>>>> login:required in app.yaml):
>>>>
>>>> This webpage has a redirect loop.
>>>>
>>>> The webpage at *
>>>> * has resulted in too many redirects. Clearing your cookies for this
>>>> site or allowing third-party cookies may fix the problem. If not, it is
>>>> possibly a server configuration issue and not a problem with your
>>>> computer.
>>>> I tried clearing my cookies...no effect.
>>>>
>>>> I tried implementing a handler for _ah/login_required, which serves up
>>>> the page I told it to...but I can't figure out from the docs how to take
>>>> the
>>>> open id URL the user can enter there, and feed it into GAE so I can use
>>>> get_current_user(). That is, if I serve up a form, what should the
>>>> action
>>>> attribute contain as the target URL, and what fields does the form need
>>>> to
>>>> have? Or alternatively, if I add a handler for the form submission, what
>>>> do
>>>> I need to do in app engine so that the user is signed in? Am I missing
>>>> something?
>>>>
>>>> Any help would be appreciated.
>>>>
>>>> Scott
>>>>
>>>>
>>>>
>>>
>> --
>> You received this message because you are subscribed to the Google Groups
>> "Google App Engine" group.
>> To post to this group, send email to google-a...@googlegroups.com.
>> To unsubscribe from this group, send email to
>> google-appengi...@googlegroups.com<google-appengine%2Bunsu...@googlegroups.com>
>> .
>> For more options, visit this group at
>> http://groups.google.com/group/google-appengine?hl=en.
>>
>
> --
> You received this message because you are subscribed to the Google Groups
> "Google App Engine" group.
> To post to this group, send email to google-a...@googlegroups.com.
> To unsubscribe from this group, send email to
> google-appengi...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/google-appengine?hl=en.
>
>
--
Sent from my mobile device
Roberto
I guess I just missed the "/_ah/login_required" script.
Now I wrote a very simple page where you can choose among a few
providers and it actually works.
My concern was about having done everything needed to meke the
application compatible with openid, is the login_required script/page
the only missing components (actually not missing but left to the
developer) from the GAE SDK ?
Thanks
Roberto
Robert Kluin
It is as far as I know, but I have not had a chance to play with
OAuth on GAE yet.
Robert
Wesley C (Google)
just an FYI that our team is working on an OpenID article to
complement the online docs that have more explanations and example
code... stay tuned!
-- wesley
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
"Core Python Programming", Prentice Hall, (c)2007,2001
"Python Fundamentals", Prentice Hall, (c)2009
http://corepython.com
wesley.j.chun :: wesc+api-at-google-dot-com
developer relations :: google app engine
@app_engine :: googleappengine.blogspot.com
Scott Ellis
--
Scott Ellis
--
l.denardo
generated, which is different for pages with "required login" and
pages out of this constraint.
If a page is under security constraint login always redirects to _ah/
login_required, even if that is the uri you're requesting. Otherwise
login link is correct.
You should be able to get around it by simply removing _ah/
login_required from the list of urls for which you state a security
constraint (in Java, this means removing _ah/login_required from the
url-pattern list in the web-resource-collection of web.xml.
By the way there's a similar issue with logout, I posted something on
this group.
I hope this helps
Lorenzo
On May 30, 12:10 pm, Scott Ellis <m...@scottellis.com.au> wrote:
> Thanks wesley. I'm sure you're on to it, but Google Apps accounts and
> Marketplace integration examples would be more than useful.
>
> On 29 May 2010 12:18, Wesley C (Google)
> > wrote:
> > hey all,
>
> > just an FYI that our team is working on an OpenID article to
> > complement the online docs that have more explanations and example
> > code... stay tuned!
>
> > -- wesley
> > - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
> > "Core Python Programming", Prentice Hall, (c)2007,2001
> > "Python Fundamentals", Prentice Hall, (c)2009
> > http://corepython.com
>
> > wesley.j.chun :: wesc+api-at-google-dot-com
> > developer relations :: google app engine
> > @app_engine :: googleappengine.blogspot.com
>
> > --
> > You received this message because you are subscribed to the Google Groups
> > "Google App Engine" group.
> > To post to this group, send email to google-a...@googlegroups.com.
> > To unsubscribe from this group, send email to
> > .
Scott Ellis
To unsubscribe from this group, send email to google-appengi...@googlegroups.com.
Scott Ellis
l.denardo
explain :-)
What I did was to deploy a servlet in _ah/login_required, which
generated login URL (assuming Google as an openID provider) and
redirected to it using standard servlet redirection.
I had /* pattern in security-constraint resource list to require login
for all pages in my application, and so caugth also /_ah/ under
security constraint: that led to the UserService generate login
methods to return _ah/login_required as a login url, and so I got
stuck in a redirection loop. My servlet was in fact redirecting to its
own address.
Removing _ah/login_required from the pages under security constraint
(that is, using explicit paths for the pages I had in my app instead
of /*) resolved it. UserService generates the correct login url when
called from the servlet.
I hope this is clearer
Regards
Lorenzo