Python GAE应用程序在同一时间使用两方OAuth和三方OAuth [英] Python GAE app using 2-legged OAuth and 3-legged OAuth at same time
问题描述
我正在编写一个Python - Google App Engine应用程序。这个应用必须做两件重要的事:
第一次操作使用用户个人资料撰写(与Google Apps域中的用户一起使用)简单。如果我了解OAuth,这是一种经典的三脚架方案。 OAuth最初开发的场景。登录的用户向客户端(我的应用)提供凭据以代表他/她访问用户的数据(日历)。所以,这可以通过记录用户的凭证来完成。
第二个操作并不容易。只有登录的用户凭证才能完成。这是一种双腿OAuth方案。因此,我需要在Google Apps域管理员帐户中进行委派,才能使用Google个人资料API(通过Google数据库)访问用户的个人资料。到目前为止,我在一个json文件中硬编码管理用户/密码,我的应用程序加载该文件。但对我来说,这听起来很脏。
最后,我的应用需要处理经典的三脚架式OAuth场景(没问题,只需要记录用户的凭据)加上双腿OAuth方案(需要管理员凭据)。是否有任何官方或更优雅的方式来处理Google App Engine中的两种情况,即使用Google Apps域,也就是硬编码管理凭证?
提前致谢
AFAIK无法授权对Google通讯录执行写入操作Data API使用两段OAuth。
Google的文档指定哪些API可以通过双腿OAuth访问,但似乎Google的某人忘记指定其中一些是只读的:-S
我期待Go的某个人ogle修复此问题。在此之前,对管理员级别凭据进行编码是我知道的唯一选择。我根本不喜欢它:它很脏,但有效。如果有人知道更优雅的禅宗水平的方式,请照亮我们!
I'm coding a Python - Google App Engine application. There are 2 important things this app must do:
- Write in user's calendar.
- Write in user's profile (working with users in a Google Apps domain)
First operation is easy. If I understood OAuth, this is the classical 3-legged scenario. The scenario for which OAuth was originally developed. The logged user provides credentials to the client (my app) to access the user's data (calendar) on his/her behalf. So, this can be done just with the logged user's credentials.
Second operation is not so easy. It can't be done with just the logged user's credentials. This is a 2-legged OAuth scenario. So, I need to delegate in a Google Apps domain admin's account to access the users's profiles using Google Profiles API (via google data library). So far, I hardcode admin user/password in a json file, and my app loads that file. But that sounds kind of dirty for me.
At the end, my app needs to handle the classical 3-legged OAuth scenario (no problem, just need the logged user's credentials) plus a 2-legged OAuth scenario (need administrator credentials).
Is there any official or more elegant way to handle both scenarios in Google App Engine, working with Google Apps domain, that hardcoding admin credentials?
Many thanks in advance
AFAIK there is no way to authorize a write operation to Google Contacts Data API using 2-legged OAuth.
Google's documentation specifies which APIs are accessible via 2-legged OAuth, but it seems that someone at Google's forgot to specify that some of them are read-only :-S
Some people had the same problem here and here.
I look forward someone at Google to fix this. Until then, harcoding admin-level credentials is the only option I know that it works. I don't like it at all: it's dirty but effective. If someone knows a more elegant zen-level way, please illuminate us!
这篇关于Python GAE应用程序在同一时间使用两方OAuth和三方OAuth的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
