Google App Engine: Endpoints authentication when custom auth or Open ID is used


Problem description


I recently got started with Google App Engine. I intend to use Flask to serve web pages and the Endpoints API, preferably with the Endpoints-Proto-Datastore for everything else.

From the beginning, non-Google Authentication mechanisms on GAE seem like they need some work. I'd appreciate any light shed on issues I've found so far:

Custom Authentication

If you can write an Open ID provider as part of the app, use something like Python-OpenID and also implement a consumer in the same workflow so it appears like regular login. This way it integrates nicely into what the GAE Users API provides. I'm guessing if this is done right, users.get_current_user() will work just fine.

If you want to skip writing your own OpenID provider and instead write an email/password auth system using Flask-Login integrating with NDB, that should be alright too. However, one puzzling bit of info in the GAE documentation says I can instantiate a user object like so:

user = users.User("XYZ@XYZ.com")

However, (there is no user.put() method here) a users.get_current_user() still returns None. So what would the use of constructing the user object ever be?

Endpoints Authorization

On including a user=required in the method decorator for an Endpoint-Proto-Datastore rolled API, OAuth seems to work right away - all you have to do while testing it in the APIs explorer is to turn on the OAuth 2.0 switch and pick a valid OAuth 2.0 scope. So does that mean that if we implement an OpenID provider that integrates with the Users API correctly, it won't be sufficient to use the OAuth magic of Endpoints API?

Here too, it seems like constructing a user object will not help satisfy the authentication requirement.

How would custom authentication / another OpenID implementation work with Endpoint API authentication/authorization?

Solution

I wanted to not use oAuth, but a simpler form of Authentication with user/token.

So what I've done is create a custom ServletFilter that maps to /_ah/spi/* and intercepts login information from the HTTPServletRequest there, if it is an Endpoint-API-Request.

Seems to work thus far, but am not really sure if that is the way to go. But as I've found no examples for non-oAuth-Auth anywhere, that's currently my best shot.

Would love to get some best practice hints from @bossylobster or @Dan Holevoet.
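
Added example, not part of the original answer: a Python WSGI analogue of the filter described above, for the asker's Python stack, that rejects requests under /_ah/spi/ unless they carry a valid user/token pair. The header names (X-Auth-User, X-Auth-Token), the in-memory digest store and the `app.auth_user` environ key are assumptions made for illustration.

```python
import hashlib
import hmac

SPI_PREFIX = "/_ah/spi/"            # backend path the answer's filter maps to
USER_HEADER = "HTTP_X_AUTH_USER"    # assumed header: X-Auth-User
TOKEN_HEADER = "HTTP_X_AUTH_TOKEN"  # assumed header: X-Auth-Token


def token_digest(token):
    """Hex SHA-256 of a token, so plaintext tokens are never stored."""
    return hashlib.sha256(token.encode("utf-8")).hexdigest()


# Constructed sample store (user -> digest of the issued token).
# A real app would load this from NDB instead of a module-level dict.
TOKEN_DIGESTS = {"alice@example.com": token_digest("constructed-sample-token")}


class SpiTokenAuth(object):
    """WSGI middleware that requires user/token credentials on /_ah/spi/*."""

    def __init__(self, app, digests):
        self.app = app
        self.digests = digests

    def authenticate(self, environ):
        """Return the authenticated user id, or None if the check fails."""
        user = environ.get(USER_HEADER, "")
        token = environ.get(TOKEN_HEADER, "")
        expected = self.digests.get(user)
        # Unknown users are compared against a dummy digest so both paths
        # do the same work; compare_digest avoids early-exit comparison.
        ok = hmac.compare_digest(token_digest(token), expected or token_digest(""))
        return user if (expected is not None and ok) else None

    def __call__(self, environ, start_response):
        if not environ.get("PATH_INFO", "").startswith(SPI_PREFIX):
            return self.app(environ, start_response)  # not an Endpoints call
        user = self.authenticate(environ)
        if user is None:
            start_response("401 Unauthorized", [("Content-Type", "text/plain")])
            return [b"invalid credentials"]
        environ["app.auth_user"] = user  # handlers read the identity from here
        return self.app(environ, start_response)
```

With a check like this the identity comes from the middleware, not from the Users API, so API methods would read `app.auth_user` rather than rely on users.get_current_user().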
