您如何从(非网络)python 客户端访问经过身份验证的 Google App Engine 服务? [英] How do you access an authenticated Google App Engine service from a (non-web) python client?

问题描述

我有一个 Google App Engine 应用 - http://mylovelyapp.appspot.com/它有一个页面 - mylovelypage

I have a Google App Engine app - http://mylovelyapp.appspot.com/ It has a page - mylovelypage

目前，页面只做 self.response.out.write('OK')

如果我在我的电脑上运行以下 Python:

If I run the following Python at my computer:

import urllib2
f = urllib2.urlopen("http://mylovelyapp.appspot.com/mylovelypage")
s = f.read()
print s
f.close()

它打印OK"

问题是如果我在应用程序的 yaml 中将 login:required 添加到此页面

the problem is if I add login:required to this page in the app's yaml

然后这会打印出 Google 帐户登录页面的 HTML

then this prints out the HTML of the Google Accounts login page

我尝试过普通"身份验证方法.例如

I've tried "normal" authentication approaches. e.g.

passman = urllib2.HTTPPasswordMgrWithDefaultRealm()

auth_handler = urllib2.HTTPBasicAuthHandler()
auth_handler.add_password(None,
                          uri='http://mylovelyapp.appspot.com/mylovelypage',
                          user='billy.bob@gmail.com',
                          passwd='billybobspasswd')
opener = urllib2.build_opener(auth_handler)
urllib2.install_opener(opener)

但这并没有什么区别 - 我仍然可以恢复登录页面的 HTML.

But it makes no difference - I still get the login page's HTML back.

我已经尝试过 Google 的 ClientLogin 身份验证 API，但我可以不让它工作.

I've tried Google's ClientLogin auth API, but I can't get it to work.

h = httplib2.Http()

auth_uri = 'https://www.google.com/accounts/ClientLogin'
headers = {'Content-Type': 'application/x-www-form-urlencoded'}
myrequest = "Email=%s&Passwd=%s&service=ah&source=DALELANE-0.0" % ("billy.bob@gmail.com", "billybobspassword")
response, content = h.request(auth_uri, 'POST', body=myrequest, headers=headers)

if response['status'] == '200':
    authtok = re.search('Auth=(S*)', content).group(1)

    headers = {}
    headers['Authorization'] = 'GoogleLogin auth=%s' % authtok.strip()
    headers['Content-Length'] = '0'

    response, content = h.request("http://mylovelyapp.appspot.com/mylovelypage", 
                                  'POST', 
                                  body="", 
                                  headers=headers)

    while response['status'] == "302":        
        response, content = h.request(response['location'], 'POST', body="", headers=headers) 

    print content

我似乎能够正确获取一些令牌，但是当我调用mylovelypage"时尝试在标题中使用它仍然只是返回登录页面的 HTML.:-(

I do seem to be able to get some token correctly, but attempts to use it in the header when I call 'mylovelypage' still just return me the login page's HTML. :-(

有人可以帮忙吗?

我可以使用 GData 客户端库来做这种事情吗?从我读过的，我认为它应该能够访问 App Engine 应用程序，但我在为 App Engine 的东西进行身份验证方面也没有取得更大的成功

Could I use the GData client library to do this sort of thing? From what I've read, I think it should be able to access App Engine apps, but I haven't been any more successful at getting the authentication working for App Engine stuff there either

任何指向示例、文章或什至只是关键字的指针我应该寻找让我开始，将不胜感激.

Any pointers to samples, articles, or even just keywords I should be searching for to get me started, would be very much appreciated.

谢谢！

推荐答案

appcfg.py，将数据上传到 App Engine 的工具必须完全做到这一点，以便向 App Engine 服务器进行身份验证.相关功能被抽象到 appengine_rpc.py 中.简而言之，解决方案是:

appcfg.py, the tool that uploads data to App Engine has to do exactly this to authenticate itself with the App Engine server. The relevant functionality is abstracted into appengine_rpc.py. In a nutshell, the solution is:

1. 使用 Google ClientLogin API 获取身份验证令牌.appengine_rpc.py 在 _GetAuthToken
2. 将身份验证令牌发送到您的 App Engine 应用上的特殊网址.然后该页面返回一个 cookie 和一个 302 重定向.忽略重定向并存储 cookie.appcfg.py 在 _GetAuthCookie
3. 在以后的所有请求中使用返回的 cookie.

1. Use the Google ClientLogin API to obtain an authentication token. appengine_rpc.py does this in _GetAuthToken
2. Send the auth token to a special URL on your App Engine app. That page then returns a cookie and a 302 redirect. Ignore the redirect and store the cookie. appcfg.py does this in _GetAuthCookie
3. Use the returned cookie in all future requests.

您可能还想查看 _Authenticate，查看 appcfg 如何处理来自 ClientLogin 和 _GetOpener，了解 appcfg 如何创建不遵循 HTTP 重定向的 urllib2 OpenerDirector.或者，事实上，您可以只批发使用 AbstractRpcServer 和 HttpRpcServer 类，因为它们几乎可以完成您需要的所有工作.

You may also want to look at _Authenticate, to see how appcfg handles the various return codes from ClientLogin, and _GetOpener, to see how appcfg creates a urllib2 OpenerDirector that doesn't follow HTTP redirects. Or you could, in fact, just use the AbstractRpcServer and HttpRpcServer classes wholesale, since they do pretty much everything you need.

这篇关于您如何从(非网络)python 客户端访问经过身份验证的 Google App Engine 服务?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！