On Jul 15, 4:05 pm, Tony <fatd...@gmail.com> wrote: > The response has the "Set-cookie" header set, which will cause the > user's browser to save the cookie and then present it on the next > request (after redirected by the 302). In my code I've opted not to > follow the redirect, and extracted the cookie myself, because it's the > urlfetch service doing the request, not the user. You can then either > return a response to the user with a "Set-cookie" HTTP header (causing > their browser to save the cookie), or handle it some other way (return > it in the body and set the cookie with Javascript, for example). > > I think I misunderstood your original question, though, and you're > looking for something different. You want to get an authorization > cookie and then use it to make repeated requests with urlfetch, not > with a browser? If that's the case, you're going to want to capture > the "Set-cookie" header from the second response, and supply that in > future requests (setting the "Cookie" header for urlfetch).
Yes, that is exactly what I want :) My client app. is not browser- based. I guess I'll just use your method then.. appengine_rpc must be intended for browser apps only, as it does nothing to capture the auth. cookie. I could of course extend the appengine_rpc module to capture the cookie, but the module uses urllib2.OpenerDirector.open() to open URLs and this is perhaps not the way to go in my case? I am not sure what the difference is between urlfetch() and open().... it seems like I can get the headers (and hereby the cookie) by using info () on the response from open(). > > Basically, urlfetch will follow redirects but it won't handle cookies > automatically - so what's happening is it's ignoring the "Set-cookie" > header and following the redirect, and being denied because it's not > supplying a cookie. > > On Jul 15, 2:58 pm, epb <esbenbu...@gmail.com> wrote: > > > I can see why Tony's version would work. His "algorithm" has two > > steps: > > > 1. Get the authorization token using ClientLogin (which I also managed > > to do). > > 2. Use the uri "servername/_ah/login" to get the auth. cookie. > > > The appengine_rpc module seems to do authentication in a similar way: > > > A. Try to access the app. This results in a redirect to a location > > that starts withhttps://www.google.com/accounts/ServiceLogin > > B. Get a auth. token (like step 1 above) > > C. Use auth. token to get auth. cookie. > > D. Try to access the app. again (this is where it fails in my case...) > > > Anyway, step C is performed using the function below: > > > ------- > > > def _GetAuthCookie(self, auth_token): > > """Fetches authentication cookies for an authentication token. > > > Args: > > auth_token: The authentication token returned by ClientLogin. > > > Raises: > > HTTPError: If there was an error fetching the authentication > > cookies. > > """ > > continue_location = "http://localhost/" > > args = {"continue": continue_location, "auth": auth_token} > > login_path = os.environ.get("APPCFG_LOGIN_PATH", "/_ah") > > req = self._CreateRequest("%s://%s%s/login?%s" % > > (self.scheme, self.host, login_path, > > urllib.urlencode(args))) > > try: > > response = self.opener.open(req) > > except urllib2.HTTPError, e: > > response = e > > if (response.code != 302 or > > response.info()["location"] != continue_location): > > raise urllib2.HTTPError(req.get_full_url(), response.code, > > response.msg, > > response.headers, response.fp) > > self.authenticated = True > > > ------ > > > It seems to me, that we do nothing with the response in this > > function?? Shouldn't we save the cookie in the response like Tony's > > does above, and then use it when we try to log in again? > > > On Jul 15, 1:06 pm, epb <esbenbu...@gmail.com> wrote: > > > > Thanks for your answers. > > > > As I understand Nick's response, I only need to use appengine_rpc.py > > > for the entire process. I tried the following: > > > > ------- > > > > def passwdFunc(): > > > return ('my_email','my_passwd') > > > > rpcServer = appengine_rpc.HttpRpcServer > > > ('myapp.appspot.com',passwdFunc,None,'myAppName') > > > blah = rpcServer.Send('/') > > > > ------- > > > > This gave me a 302 error and the following log: > > > > ------- > > > > Server: myapp.appspot.com > > > Sending HTTP request: > > > POST /? HTTP/1.1 > > > Host: myapp.appspot.com > > > X-appcfg-api-version: 1 > > > Content-type: application/octet-stream > > > > Got http error, this is try #1 > > > Got 302 redirect. > > > Location:https://www.google.com/accounts/ServiceLogin?service=ah&continue=http... > > > nue%3Dhttp://myapp.appspot.com/ > > > <mpl=gm&ahname=MyAppName&sig=46378246....321321312 > > > Sending HTTP request: > > > POST /? HTTP/1.1 > > > Host: myapp.appspot.com > > > X-appcfg-api-version: 1 > > > Content-type: application/octet-stream > > > > Got http error, this is try #2 > > > > ------- > > > > It seems to me that the Send() function should do all authentication- > > > work automatically and re-direct to the app page after logging in. > > > Right? > > > > Anyway, I'll try out Tonys solution also.. > > > > On Jul 15, 11:18 am, Tony <fatd...@gmail.com> wrote: > > > > > Since I happened to have this up, here's a bit of sample code to get > > > > an authentication cookie for an appspot app... > > > > > from google.appengine.api import urlfetch > > > > from urllib import urlencode > > > > email = request.POST['username'] > > > > passwd = request.POST['password'] > > > > serv_root = "http://myapp.appspot.com" > > > > target = 'http://myapp.appspot.com/null' > > > > app_name = "myapp-1.0" > > > > auth_uri = 'https://www.google.com/accounts/ClientLogin' > > > > authreq_data = urlencode({ "Email": email, > > > > "Passwd": passwd, > > > > "service": "ah", > > > > "source": app_name, > > > > "accountType": "HOSTED_OR_GOOGLE" }) > > > > result = urlfetch.fetch(auth_uri, authreq_data, method=urlfetch.POST, > > > > follow_redirects=False) > > > > auth_dict = dict(x.split("=") for x in result.content.split("\n") if > > > > x) > > > > auth_token = auth_dict["Auth"] > > > > serv_args = {} > > > > serv_args['continue'] = target > > > > serv_args['auth'] = auth_token > > > > serv_uri = "%s/_ah/login?%s" % (serv_root, urlencode(serv_args)) > > > > result2 = urlfetch.fetch(serv_uri, follow_redirects=False, > > > > method=urlfetch.GET) > > > > ### here's the cookie which will authenticate future requests > > > > cookie = result2.headers['set-cookie'].split(';')[0] > > > > # cookie[0] => "ACSID" > > > > # cookie[1] => "AAAAHFSDJHSDFHSDJFHSDJFHSJFSDfsdjfhsjdfhsjdfh..." --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Google App Engine" group. To post to this group, send email to google-appengine@googlegroups.com To unsubscribe from this group, send email to google-appengine+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/google-appengine?hl=en -~----------~----~----~----~------~----~------~--~---