Geek Answers Handbook

Looking for a good example / template for openid + oauth hybrid with python in Google App Engine

I implemented oauth and openid separately (that is, log in with OpenId, separately authorize the Google data API using OAuth) and would like to combine them.

I currently have the following in my app.yaml application

- url: /_ah/login_required
  script: main.py

- url: .*
  script: main.py
  login: required

Then in main.py I have: (import removed for clarity)

def getClient():
    client =  gdata.calendar.service.CalendarService()
    consumer_key = 'my-app.appspot.com'
    consumer_secret = 'consumersecret'
    client.SetOAuthInputParameters(
        gdata.auth.OAuthSignatureMethod.HMAC_SHA1,
        consumer_key=consumer_key, 
        consumer_secret=consumer_secret)
    gdata.alt.appengine.run_on_appengine(client)
    return client

class OAuthOne(webapp.RequestHandler):
    def get(self):
        client = getClient()
        request_token = client.FetchOAuthRequestToken(oauth_callback='http://my-app.appspot.com/oauth2')
        client.SetOAuthToken(request_token)
        auth_url = client.GenerateOAuthAuthorizationURL()
        self.redirect( auth_url )

class OAuthTwo(webapp.RequestHandler):
    def get(self):
        client = getClient()
        token_from_url = gdata.auth.OAuthTokenFromUrl(self.request.uri) 
        if not token_from_url:
            self.redirect('/oauth')
        else:
            client.SetOAuthToken(token_from_url)
            oauth_verifier = self.request.get('oauth_verifier', default_value='')
            client.UpgradeToOAuthAccessToken(oauth_verifier=oauth_verifier)
            self.redirect('/')

class MainPage(webapp.RequestHandler):

    def get(self):
        self.user = users.get_current_user()
        self.template_values = {}
        if self.user:
            # do calendar api stuff here
            self.template_file = 'templates/index.html'
        else:
            self.template_file = 'templates/denied.html'

        path = os.path.join(os.path.dirname(__file__), self.template_file)
        self.response.out.write( template.render(path, self.template_values) )

application = webapp.WSGIApplication(
                                 [('/oauth', OAuthOne),
                                  ('/oauth2', OAuthTwo),
                                  ('/_ah/login_required', OpenIDHandler),
                                  ('/', MainPage)],
                                 debug=True)

def main():
    run_wsgi_app(application)

if __name__ == "__main__":
    main()

also in main.py, http://code.google.com/googleapps/marketplace/tutorial_python_gae.html

class OpenIDHandler(webapp.RequestHandler):
    def get(self):
        """Begins the OpenID flow and begins Google Apps discovery for the supplied domain."""
        login_url = users.create_login_url(dest_url='http://my-app.appspot.com/',
                                             _auth_domain=None,
                                             federated_identity='gmail.com')
        self.redirect( login_url )

As for the hybrid protocol, there is a PHP example here and a java example here , but I can't find anything for python.

, OpenIDHandler, - , users.create_login_url(). Google , " ". " OAuth " ( docs ), , . , Python.

HTTP- 

https://www.google.com/accounts/o8/id
?openid.ns=http://specs.openid.net/auth/2.0
&openid.claimed_id=http://specs.openid.net/auth/2.0/identifier_select
&openid.identity=http://specs.openid.net/auth/2.0/identifier_select
&openid.return_to=http://www.example.com/checkauth
&openid.realm=http://www.example.com
&openid.assoc_handle=ABSmpf6DNMw
&openid.mode=checkid_setup
&openid.ns.oauth=http://specs.openid.net/extensions/oauth/1.0
&openid.oauth.consumer=www.example.com
&openid.oauth.scope=http://docs.google.com/feeds/+http://spreadsheets.google.com/feeds/

, .

, , , , " OAuth ".

+5
1

OAuth appengine https://github.com/mikeknapp/AppEngine-OAuth-Library sample.py .

+1

More articles:


All Articles