Re: [google-appengine] Beginner Questions on Authentication
I have implemented traditional user/pass on top of repoze.who/repoze.what,
that also supported google auth and could be easily extended.
However it's not my code (wrote it for another organisation), so not in a
position to share (currently it is used by somewhere between 2000 and 3000
users).
I haven't seen a well packaged lib for doing this, (though they might
exist).
Though did come across this
- https://github.com/abahgat/webapp2-user-accounts
I would consider looking at something like webapp2-user-accounts and
pulling the core of it out and making it a provider for authomatic.
Then you can support multiple auth methods.
Cheers
Tim
On Thursday, January 1, 2015 1:23:27 PM UTC+8, Dakota Pitts-Price wrote:
Thanks lol but its not temping to roll out my own solution at all.
I am sorta a noob, so I would like to use a vetted and easy to implement
solution.
Automatic looks nice, thanks for the recommendation, but it does not
appear to support its own authentication.
As I move beyond something as dead simple as Parse, I still want to
maintain the ability to offer traditional user/pass logins.
This is a requirement with a majority of my clients as well as with users.
On Wednesday, December 31, 2014 5:39:56 PM UTC-10, timh wrote:
I know it's tempting to roll your own, but I would have a look at
automatic first.
http://peterhudec.github.io/authomatic/index.html
On Thursday, January 1, 2015 11:01:43 AM UTC+8, Dakota Pitts-Price wrote:
Thanks for your support Les.
I find it shocking that for all its amazing features the GAE has, it's
built in username/password system is such a second class citizen.
I understand the complexity and ease of getting it wrong, which is why I
hoping to find an easier to roll out solution than building it from the
ground up.
Personally I also learn the best that way.
I see a modified Django is supported on the GAE. I have no experience
with this framework, but I would rather spend the time to learn that than
roll out my own Auth system on top of end points.
Are there any caveats to using Django on GAE? I understand I wouldn't be
able to use the nifty Cloud End Points.
I am only currently looking to have 7 REST Apis that deliver JSON plus
one or two tasks that run once a day.
Is Django over kill for that level of requirements? Is there an easier
solution?
Sorry about all the questions and thanks again!
Dakota
On Tuesday, December 30, 2014 10:00:27 PM UTC-10, Les Vogel wrote:
Hi Dakota,
First off, Identity-Toolkit is separate from Endpoints, so using it
would require you rolling your own solution for Endpoints -- similar to
what I describe below.
What I'm about to describe is a very simplified version of what's
necessary, I recommend reading the standard docs for OAuth2 as there are
some very subtle and tricky things about security. (ie. I'm simplifying
things to answer the Q using our API's and our accounts is best practices,
what I'm describing probably could be improved by a security expert)
Because of this, I will not be using specific nomenclature to
differentiate this from a good solution.
Your login mechanism can return a token (like a JWT http://jwt.io/)
that should contain at least an identifier of who the user is, an
expiration date/time for the token, and be cryptologically signed. You
pass that token as one of the parameters in your Endpoint, you ALWAYS
validate the signature then the expiration time. If either is invalid,
you
reject the token.
You can include a refresh method, or just require re-login to get a
revised token. My go code
https://github.com/GoogleCloudPlatform/abelana-gcp/blob/master/endpoints/tokens.go
has most of this.
One last disclaimer - This stuff is very hard to get right!
Below was from a private message I sent about this last week. It has
both the Java and Android (java) changes. Where you see the word secret
send your token. (This had a constant secret for his application).
Regards,
Les
From:
https://github.com/GoogleCloudPlatform/gradle-appengine-templates/tree/master/HelloEndpoints
If you look at the code:
context = params[0].first;
String name = params[0].second;
try {
return myApiService.sayHi(name).execute().getData();
} catch (IOException e) {
return e.getMessage();
}
Which came from your java code:
@ApiMethod(name = sayHi)
public MyBean sayHi(@Named(name) String name) {
MyBean response = new MyBean();
response.setData(Hi, + name);
return response;
}
You can see the service sayHi(name) to add the secret, you could do
the following
redefine your service to include secret:
public MyBean sayHi(@Named(secret) Long secret, @Named(name)
name) {
if(secret != 32753454453456L) return null;
...
}
And the code would become:
return myApiService.sayHi(secret,
[google-appengine] Re: Does Google App engine and Google drive work in China
In our experience from using App Engine with a lot of Chinese users: - *.appspot.com is completely blocked (both HTTP and HTTPS) - custom domain HTTP works and is unblocked - custom domain HTTPS using SNI is either partially blocked or completely blocked (seems to be completely blocked since 25th december). - custom domain HTTPS using VIP SSL seems unblocked! Of course the IPs vary and can rotate and you might end up with one that is blocked. But for us this works for now. On Wednesday, December 24, 2014 1:55:48 AM UTC+1, Ravi Shankar wrote: hi all, Does Google App engine and Google drive work in China? Regards Ravi -- You received this message because you are subscribed to the Google Groups Google App Engine group. To unsubscribe from this group and stop receiving emails from it, send an email to google-appengine+unsubscr...@googlegroups.com. To post to this group, send email to google-appengine@googlegroups.com. Visit this group at http://groups.google.com/group/google-appengine. For more options, visit https://groups.google.com/d/optout.
[google-appengine] Google AppEngine Account/Projects Gets Suspended Every time I Pay Google
This has been happening to me consistently for last 2 weeks. Each time I have paid Google AppEngine for services, they have sent me an email saying Policy Violation and then a series of emails start flowing suspending one account after the other. Does ANYONE know why this happens? Google AppEngine Cloud Compliance team seems to be handling it - they pretty much box you down and don't respond to emails or tell you why the problem is happening. Now I am completely locked out of Google AppEngine - they told me last week all is well and restored access and this week - complete lock down - no option even to appeal and understand What is causing the problem. -- You received this message because you are subscribed to the Google Groups Google App Engine group. To unsubscribe from this group and stop receiving emails from it, send an email to google-appengine+unsubscr...@googlegroups.com. To post to this group, send email to google-appengine@googlegroups.com. Visit this group at http://groups.google.com/group/google-appengine. For more options, visit https://groups.google.com/d/optout.
[google-appengine] Re: Google Dev Console - Data Leak
Update: I checked my console again just now. This project has disappeared. On Tuesday, 31 December 2013 03:11:54 UTC+8, Tryn Mirell wrote: This is still the case. The interesting thing to note is that the Project ID for this project is null. I should also note that I also have a project named API Project, although this has a Project ID assigned to it. Since I personally have no idea how this happened, and cannot reproduce it, I didn't feel it to be a classified as there is no known vector. All I want is to remove this project from my list, since I can't do anything, and have previously contacted the owner with no success. I have attached a screenshot where I'm not even listed as having access to this project. If the attachment is filtered, the screenshot is here: http://bit.ly/1lucW97 -- Forwarded message -- From: Tryn Mirell tr...@mirell.org javascript: Date: Wed, Dec 18, 2013 at 10:16 AM Subject: Google API Projects - Oddness To: jill...@gmail.com javascript: For some reason, the project named API Project and with the Project Number 267874307843 is showing up in my Dev Console. It lists you as owner, and chromi...@chromium.org javascript: can view. Any ideas? -- *===| Tryn Mirell | | tr...@mirell.org javascript: || +1.512.394.3620 |===Even imperfection itself may have its ideal or perfect state. Thomas de Quincey * -- You received this message because you are subscribed to the Google Groups Google App Engine group. To unsubscribe from this group and stop receiving emails from it, send an email to google-appengine+unsubscr...@googlegroups.com. To post to this group, send email to google-appengine@googlegroups.com. Visit this group at http://groups.google.com/group/google-appengine. For more options, visit https://groups.google.com/d/optout.
[google-appengine] Re: App Engine Account Suspended
Wayne, am having the same issue and it is completely 1 sided approach from Google. They suspended my account within 30 minutes of my paying Google AppEngine USD 50/- for services. They don't give any reason whatsoever so that I can resolve the issue. Completely UNHELPFUL approach from Google AppEngine team. Am fully locked out now and can't even deploy updates to my website. On Tuesday, 2 December 2014 17:33:19 UTC+5:30, Wayne Smith wrote: My google Apps account was recently suspended and has now been reactivated, although I am still unable to access the google app engine. When attempting to log in i'm redirected to a page giving the account suspended notification. Filling in the contact form just results in an automated email suggesting my apps administrator has suspended the account, I am the apps administrator and this is not the case. Any suggestions on how I am able to contact support to resolve this issue would be greatly appreciated. -- You received this message because you are subscribed to the Google Groups Google App Engine group. To unsubscribe from this group and stop receiving emails from it, send an email to google-appengine+unsubscr...@googlegroups.com. To post to this group, send email to google-appengine@googlegroups.com. Visit this group at http://groups.google.com/group/google-appengine. For more options, visit https://groups.google.com/d/optout.
[google-appengine] Re: Google AppEngine Account/Projects Gets Suspended Every time I Pay Google
Google - can you please respond to this or work with the people directly? There have been three posts in the last month with people complaining their accounts are being suspended with no recourse. This is the last thing any app engine users want to go through. Please consider a one-time charge support option if you must. I have a Digital Ocean account and it was once hacked, and their team worked with me in a matter of hours to determine what I needed to do to get access restored. I didn't have to pay them anything. On Wednesday, December 31, 2014 6:40:33 PM UTC-8, Anand Hariharan wrote: This has been happening to me consistently for last 2 weeks. Each time I have paid Google AppEngine for services, they have sent me an email saying Policy Violation and then a series of emails start flowing suspending one account after the other. Does ANYONE know why this happens? Google AppEngine Cloud Compliance team seems to be handling it - they pretty much box you down and don't respond to emails or tell you why the problem is happening. Now I am completely locked out of Google AppEngine - they told me last week all is well and restored access and this week - complete lock down - no option even to appeal and understand What is causing the problem. -- You received this message because you are subscribed to the Google Groups Google App Engine group. To unsubscribe from this group and stop receiving emails from it, send an email to google-appengine+unsubscr...@googlegroups.com. To post to this group, send email to google-appengine@googlegroups.com. Visit this group at http://groups.google.com/group/google-appengine. For more options, visit https://groups.google.com/d/optout.
Re: [google-appengine] Beginner Questions on Authentication
Hi Dakota,
You haven't mentioned what will be calling your service? (JavaScript, iOS,
or Android)
If you've really never done it before, I would suggest you grab the
Identity-Kit sample and just build from that. It's really easy to put that
up and extend it. https://github.com/googlesamples/identity-toolkit-python
Since you are mentioning Django, There are quite a few other versions.
When I don't want GoogleAuth, I often will just roll my own API instead of
using EndPoints. I find I can do simple JSON API's in very few lines of
code. Just make sure to require HTTPS.
Les
On Thu, Jan 1, 2015 at 12:50 AM, timh zutes...@gmail.com wrote:
I have implemented traditional user/pass on top of repoze.who/repoze.what,
that also supported google auth and could be easily extended.
However it's not my code (wrote it for another organisation), so not in a
position to share (currently it is used by somewhere between 2000 and 3000
users).
I haven't seen a well packaged lib for doing this, (though they might
exist).
Though did come across this -
https://github.com/abahgat/webapp2-user-accounts
I would consider looking at something like webapp2-user-accounts and
pulling the core of it out and making it a provider for authomatic.
Then you can support multiple auth methods.
Cheers
Tim
On Thursday, January 1, 2015 1:23:27 PM UTC+8, Dakota Pitts-Price wrote:
Thanks lol but its not temping to roll out my own solution at all.
I am sorta a noob, so I would like to use a vetted and easy to implement
solution.
Automatic looks nice, thanks for the recommendation, but it does not
appear to support its own authentication.
As I move beyond something as dead simple as Parse, I still want to
maintain the ability to offer traditional user/pass logins.
This is a requirement with a majority of my clients as well as with users.
On Wednesday, December 31, 2014 5:39:56 PM UTC-10, timh wrote:
I know it's tempting to roll your own, but I would have a look at
automatic first.
http://peterhudec.github.io/authomatic/index.html
On Thursday, January 1, 2015 11:01:43 AM UTC+8, Dakota Pitts-Price wrote:
Thanks for your support Les.
I find it shocking that for all its amazing features the GAE has, it's
built in username/password system is such a second class citizen.
I understand the complexity and ease of getting it wrong, which is why
I hoping to find an easier to roll out solution than building it from the
ground up.
Personally I also learn the best that way.
I see a modified Django is supported on the GAE. I have no experience
with this framework, but I would rather spend the time to learn that than
roll out my own Auth system on top of end points.
Are there any caveats to using Django on GAE? I understand I wouldn't
be able to use the nifty Cloud End Points.
I am only currently looking to have 7 REST Apis that deliver JSON plus
one or two tasks that run once a day.
Is Django over kill for that level of requirements? Is there an easier
solution?
Sorry about all the questions and thanks again!
Dakota
On Tuesday, December 30, 2014 10:00:27 PM UTC-10, Les Vogel wrote:
Hi Dakota,
First off, Identity-Toolkit is separate from Endpoints, so using it
would require you rolling your own solution for Endpoints -- similar to
what I describe below.
What I'm about to describe is a very simplified version of what's
necessary, I recommend reading the standard docs for OAuth2 as there are
some very subtle and tricky things about security. (ie. I'm simplifying
things to answer the Q using our API's and our accounts is best practices,
what I'm describing probably could be improved by a security expert)
Because of this, I will not be using specific nomenclature to
differentiate this from a good solution.
Your login mechanism can return a token (like a JWT http://jwt.io/)
that should contain at least an identifier of who the user is, an
expiration date/time for the token, and be cryptologically signed. You
pass that token as one of the parameters in your Endpoint, you ALWAYS
validate the signature then the expiration time. If either is invalid,
you
reject the token.
You can include a refresh method, or just require re-login to get a
revised token. My go code
https://github.com/GoogleCloudPlatform/abelana-gcp/blob/master/endpoints/tokens.go
has most of this.
One last disclaimer - This stuff is very hard to get right!
Below was from a private message I sent about this last week. It has
both the Java and Android (java) changes. Where you see the word secret
send your token. (This had a constant secret for his application).
Regards,
Les
From:
https://github.com/GoogleCloudPlatform/gradle-
appengine-templates/tree/master/HelloEndpoints
If you look at the code:
context = params[0].first;
String name = params[0].second;
try {
return myApiService.sayHi(name).execute().getData();
} catch (IOException
[google-appengine] Search API: How come Ondřej matches ondrej? I need to mimic that in browser.
Hello For optimization purposes (within browser) I need to mimic whatever processing is done to the needle string before it is matched against the indexes. Basically it means to translate weird characters into their boring (and lowercase) representations: - ř,Ř = r - ě,é,ë,Ě,É,Ë = e - ... What approach should I take to get as close as possible to what the Search API does? Cheers Jarda -- You received this message because you are subscribed to the Google Groups Google App Engine group. To unsubscribe from this group and stop receiving emails from it, send an email to google-appengine+unsubscr...@googlegroups.com. To post to this group, send email to google-appengine@googlegroups.com. Visit this group at http://groups.google.com/group/google-appengine. For more options, visit https://groups.google.com/d/optout.
