Re: [google-appengine] Beginner Questions on Authentication
I have implemented traditional user/pass on top of repoze.who/repoze.what, that also supported google auth and could be easily extended. However it's not my code (wrote it for another organisation), so not in a position to share (currently it is used by somewhere between 2000 and 3000 users). I haven't seen a well packaged lib for doing this, (though they might exist). Though did come across this - https://github.com/abahgat/webapp2-user-accounts I would consider looking at something like webapp2-user-accounts and pulling the core of it out and making it a provider for authomatic. Then you can support multiple auth methods. Cheers Tim On Thursday, January 1, 2015 1:23:27 PM UTC+8, Dakota Pitts-Price wrote: Thanks lol but its not temping to roll out my own solution at all. I am sorta a noob, so I would like to use a vetted and easy to implement solution. Automatic looks nice, thanks for the recommendation, but it does not appear to support its own authentication. As I move beyond something as dead simple as Parse, I still want to maintain the ability to offer traditional user/pass logins. This is a requirement with a majority of my clients as well as with users. On Wednesday, December 31, 2014 5:39:56 PM UTC-10, timh wrote: I know it's tempting to roll your own, but I would have a look at automatic first. http://peterhudec.github.io/authomatic/index.html On Thursday, January 1, 2015 11:01:43 AM UTC+8, Dakota Pitts-Price wrote: Thanks for your support Les. I find it shocking that for all its amazing features the GAE has, it's built in username/password system is such a second class citizen. I understand the complexity and ease of getting it wrong, which is why I hoping to find an easier to roll out solution than building it from the ground up. Personally I also learn the best that way. I see a modified Django is supported on the GAE. I have no experience with this framework, but I would rather spend the time to learn that than roll out my own Auth system on top of end points. Are there any caveats to using Django on GAE? I understand I wouldn't be able to use the nifty Cloud End Points. I am only currently looking to have 7 REST Apis that deliver JSON plus one or two tasks that run once a day. Is Django over kill for that level of requirements? Is there an easier solution? Sorry about all the questions and thanks again! Dakota On Tuesday, December 30, 2014 10:00:27 PM UTC-10, Les Vogel wrote: Hi Dakota, First off, Identity-Toolkit is separate from Endpoints, so using it would require you rolling your own solution for Endpoints -- similar to what I describe below. What I'm about to describe is a very simplified version of what's necessary, I recommend reading the standard docs for OAuth2 as there are some very subtle and tricky things about security. (ie. I'm simplifying things to answer the Q using our API's and our accounts is best practices, what I'm describing probably could be improved by a security expert) Because of this, I will not be using specific nomenclature to differentiate this from a good solution. Your login mechanism can return a token (like a JWT http://jwt.io/) that should contain at least an identifier of who the user is, an expiration date/time for the token, and be cryptologically signed. You pass that token as one of the parameters in your Endpoint, you ALWAYS validate the signature then the expiration time. If either is invalid, you reject the token. You can include a refresh method, or just require re-login to get a revised token. My go code https://github.com/GoogleCloudPlatform/abelana-gcp/blob/master/endpoints/tokens.go has most of this. One last disclaimer - This stuff is very hard to get right! Below was from a private message I sent about this last week. It has both the Java and Android (java) changes. Where you see the word secret send your token. (This had a constant secret for his application). Regards, Les From: https://github.com/GoogleCloudPlatform/gradle-appengine-templates/tree/master/HelloEndpoints If you look at the code: context = params[0].first; String name = params[0].second; try { return myApiService.sayHi(name).execute().getData(); } catch (IOException e) { return e.getMessage(); } Which came from your java code: @ApiMethod(name = sayHi) public MyBean sayHi(@Named(name) String name) { MyBean response = new MyBean(); response.setData(Hi, + name); return response; } You can see the service sayHi(name) to add the secret, you could do the following redefine your service to include secret: public MyBean sayHi(@Named(secret) Long secret, @Named(name) name) { if(secret != 32753454453456L) return null; ... } And the code would become: return myApiService.sayHi(secret,
Re: [google-appengine] Beginner Questions on Authentication
Hi Dakota, You haven't mentioned what will be calling your service? (JavaScript, iOS, or Android) If you've really never done it before, I would suggest you grab the Identity-Kit sample and just build from that. It's really easy to put that up and extend it. https://github.com/googlesamples/identity-toolkit-python Since you are mentioning Django, There are quite a few other versions. When I don't want GoogleAuth, I often will just roll my own API instead of using EndPoints. I find I can do simple JSON API's in very few lines of code. Just make sure to require HTTPS. Les On Thu, Jan 1, 2015 at 12:50 AM, timh zutes...@gmail.com wrote: I have implemented traditional user/pass on top of repoze.who/repoze.what, that also supported google auth and could be easily extended. However it's not my code (wrote it for another organisation), so not in a position to share (currently it is used by somewhere between 2000 and 3000 users). I haven't seen a well packaged lib for doing this, (though they might exist). Though did come across this - https://github.com/abahgat/webapp2-user-accounts I would consider looking at something like webapp2-user-accounts and pulling the core of it out and making it a provider for authomatic. Then you can support multiple auth methods. Cheers Tim On Thursday, January 1, 2015 1:23:27 PM UTC+8, Dakota Pitts-Price wrote: Thanks lol but its not temping to roll out my own solution at all. I am sorta a noob, so I would like to use a vetted and easy to implement solution. Automatic looks nice, thanks for the recommendation, but it does not appear to support its own authentication. As I move beyond something as dead simple as Parse, I still want to maintain the ability to offer traditional user/pass logins. This is a requirement with a majority of my clients as well as with users. On Wednesday, December 31, 2014 5:39:56 PM UTC-10, timh wrote: I know it's tempting to roll your own, but I would have a look at automatic first. http://peterhudec.github.io/authomatic/index.html On Thursday, January 1, 2015 11:01:43 AM UTC+8, Dakota Pitts-Price wrote: Thanks for your support Les. I find it shocking that for all its amazing features the GAE has, it's built in username/password system is such a second class citizen. I understand the complexity and ease of getting it wrong, which is why I hoping to find an easier to roll out solution than building it from the ground up. Personally I also learn the best that way. I see a modified Django is supported on the GAE. I have no experience with this framework, but I would rather spend the time to learn that than roll out my own Auth system on top of end points. Are there any caveats to using Django on GAE? I understand I wouldn't be able to use the nifty Cloud End Points. I am only currently looking to have 7 REST Apis that deliver JSON plus one or two tasks that run once a day. Is Django over kill for that level of requirements? Is there an easier solution? Sorry about all the questions and thanks again! Dakota On Tuesday, December 30, 2014 10:00:27 PM UTC-10, Les Vogel wrote: Hi Dakota, First off, Identity-Toolkit is separate from Endpoints, so using it would require you rolling your own solution for Endpoints -- similar to what I describe below. What I'm about to describe is a very simplified version of what's necessary, I recommend reading the standard docs for OAuth2 as there are some very subtle and tricky things about security. (ie. I'm simplifying things to answer the Q using our API's and our accounts is best practices, what I'm describing probably could be improved by a security expert) Because of this, I will not be using specific nomenclature to differentiate this from a good solution. Your login mechanism can return a token (like a JWT http://jwt.io/) that should contain at least an identifier of who the user is, an expiration date/time for the token, and be cryptologically signed. You pass that token as one of the parameters in your Endpoint, you ALWAYS validate the signature then the expiration time. If either is invalid, you reject the token. You can include a refresh method, or just require re-login to get a revised token. My go code https://github.com/GoogleCloudPlatform/abelana-gcp/blob/master/endpoints/tokens.go has most of this. One last disclaimer - This stuff is very hard to get right! Below was from a private message I sent about this last week. It has both the Java and Android (java) changes. Where you see the word secret send your token. (This had a constant secret for his application). Regards, Les From: https://github.com/GoogleCloudPlatform/gradle- appengine-templates/tree/master/HelloEndpoints If you look at the code: context = params[0].first; String name = params[0].second; try { return myApiService.sayHi(name).execute().getData(); } catch (IOException
Re: [google-appengine] Beginner Questions on Authentication
Hi Dakota, First off, Identity-Toolkit is separate from Endpoints, so using it would require you rolling your own solution for Endpoints -- similar to what I describe below. What I'm about to describe is a very simplified version of what's necessary, I recommend reading the standard docs for OAuth2 as there are some very subtle and tricky things about security. (ie. I'm simplifying things to answer the Q using our API's and our accounts is best practices, what I'm describing probably could be improved by a security expert) Because of this, I will not be using specific nomenclature to differentiate this from a good solution. Your login mechanism can return a token (like a JWT http://jwt.io/) that should contain at least an identifier of who the user is, an expiration date/time for the token, and be cryptologically signed. You pass that token as one of the parameters in your Endpoint, you ALWAYS validate the signature then the expiration time. If either is invalid, you reject the token. You can include a refresh method, or just require re-login to get a revised token. My go code https://github.com/GoogleCloudPlatform/abelana-gcp/blob/master/endpoints/tokens.go has most of this. One last disclaimer - This stuff is very hard to get right! Below was from a private message I sent about this last week. It has both the Java and Android (java) changes. Where you see the word secret send your token. (This had a constant secret for his application). Regards, Les From: https://github.com/GoogleCloudPlatform/gradle-appengine-templates/tree/master/HelloEndpoints If you look at the code: context = params[0].first; String name = params[0].second; try { return myApiService.sayHi(name).execute().getData(); } catch (IOException e) { return e.getMessage(); } Which came from your java code: @ApiMethod(name = sayHi) public MyBean sayHi(@Named(name) String name) { MyBean response = new MyBean(); response.setData(Hi, + name); return response; } You can see the service sayHi(name) to add the secret, you could do the following redefine your service to include secret: public MyBean sayHi(@Named(secret) Long secret, @Named(name) name) { if(secret != 32753454453456L) return null; ... } And the code would become: return myApiService.sayHi(secret, name).execute().getData(); On Tue, Dec 30, 2014 at 3:40 PM, Dakota Pitts-Price fallenent...@gmail.com wrote: Hey Les, If I wanted to have my own login system and still use the Cloud End Points with some form of Auth, how would you advise going about starting this? Thanks for your help :) On Tuesday, December 30, 2014 1:37:07 PM UTC-10, Les Vogel wrote: Hi Dakota, You might wish to look at the Identity-Toolkit https://developers.google.com/identity-toolkit/ or Firebase https://www.firebase.com/ for general purpose Auth. For GAE, you can have general gmail or domain specific auth -- ie all Google accounts (Gmail, Google for Work / Education / Business / Government, and anyone who's logged into Google). Correct - If you roll your own, you can't use GAE login or Endpoints with Auth enabled. Nor can you roll your own Oauth2 and insert it into Endpoints. You could issue your own Tokens and pass them as parameters, always requiring HTTPS, however. I have a few examples of this using Identity-Toolkit, but they are for Go Android. Regards, Les On Tue, Dec 30, 2014 at 1:10 PM, Dakota Pitts-Price fallen...@gmail.com wrote: Hi I am noob looking to expand my knowledge base outside of heavily managed services like Parse. I have done a few jobs in Parse, but I am looking for something that is more flexible and cheaper to use as an App Backend. I think the GAE is a good stepping stone, but I keep coming across the issue of Authentication. First it appears that there is no out of the box easy way to do a simple username and password login. -It seems like the best approach to this is using Django --Is there an equivalent framework in Java that is GAE compatible? Second it appears if you using your own Login system you can't use the builtin Auth with Google Cloud End Points -So it seems if you want to use the builtin Auth with cloud end points and still maintain control of your user login I would need to host my own Oauth2 Service. --Is there a way for me to host my own Oauth2 Service inside of the GAE? --This seems like how AWS works, should I consider just starting on their system instead of GAE? Thanks for reading :) *-Side note* *I have been Googling and researching this for about two days now and am surprised at the communities lack of support for non Google or non major Oauth user authentication in GAE.* *It is out of the question for many of my clients to not have self authentication for their apps/sites.* *So having an easy solution is important for me as I learn how to use a more powerful
Re: [google-appengine] Beginner Questions on Authentication
Thanks for your support Les. I find it shocking that for all its amazing features the GAE has, it's built in username/password system is such a second class citizen. I understand the complexity and ease of getting it wrong, which is why I hoping to find an easier to roll out solution than building it from the ground up. Personally I also learn the best that way. I see a modified Django is supported on the GAE. I have no experience with this framework, but I would rather spend the time to learn that than roll out my own Auth system on top of end points. Are there any caveats to using Django on GAE? I understand I wouldn't be able to use the nifty Cloud End Points. I am only currently looking to have 7 REST Apis that deliver JSON plus one or two tasks that run once a day. Is Django over kill for that level of requirements? Is there an easier solution? Sorry about all the questions and thanks again! Dakota On Tuesday, December 30, 2014 10:00:27 PM UTC-10, Les Vogel wrote: Hi Dakota, First off, Identity-Toolkit is separate from Endpoints, so using it would require you rolling your own solution for Endpoints -- similar to what I describe below. What I'm about to describe is a very simplified version of what's necessary, I recommend reading the standard docs for OAuth2 as there are some very subtle and tricky things about security. (ie. I'm simplifying things to answer the Q using our API's and our accounts is best practices, what I'm describing probably could be improved by a security expert) Because of this, I will not be using specific nomenclature to differentiate this from a good solution. Your login mechanism can return a token (like a JWT http://jwt.io/) that should contain at least an identifier of who the user is, an expiration date/time for the token, and be cryptologically signed. You pass that token as one of the parameters in your Endpoint, you ALWAYS validate the signature then the expiration time. If either is invalid, you reject the token. You can include a refresh method, or just require re-login to get a revised token. My go code https://github.com/GoogleCloudPlatform/abelana-gcp/blob/master/endpoints/tokens.go has most of this. One last disclaimer - This stuff is very hard to get right! Below was from a private message I sent about this last week. It has both the Java and Android (java) changes. Where you see the word secret send your token. (This had a constant secret for his application). Regards, Les From: https://github.com/GoogleCloudPlatform/gradle-appengine-templates/tree/master/HelloEndpoints If you look at the code: context = params[0].first; String name = params[0].second; try { return myApiService.sayHi(name).execute().getData(); } catch (IOException e) { return e.getMessage(); } Which came from your java code: @ApiMethod(name = sayHi) public MyBean sayHi(@Named(name) String name) { MyBean response = new MyBean(); response.setData(Hi, + name); return response; } You can see the service sayHi(name) to add the secret, you could do the following redefine your service to include secret: public MyBean sayHi(@Named(secret) Long secret, @Named(name) name) { if(secret != 32753454453456L) return null; ... } And the code would become: return myApiService.sayHi(secret, name).execute().getData(); On Tue, Dec 30, 2014 at 3:40 PM, Dakota Pitts-Price fallen...@gmail.com javascript: wrote: Hey Les, If I wanted to have my own login system and still use the Cloud End Points with some form of Auth, how would you advise going about starting this? Thanks for your help :) On Tuesday, December 30, 2014 1:37:07 PM UTC-10, Les Vogel wrote: Hi Dakota, You might wish to look at the Identity-Toolkit https://developers.google.com/identity-toolkit/ or Firebase https://www.firebase.com/ for general purpose Auth. For GAE, you can have general gmail or domain specific auth -- ie all Google accounts (Gmail, Google for Work / Education / Business / Government, and anyone who's logged into Google). Correct - If you roll your own, you can't use GAE login or Endpoints with Auth enabled. Nor can you roll your own Oauth2 and insert it into Endpoints. You could issue your own Tokens and pass them as parameters, always requiring HTTPS, however. I have a few examples of this using Identity-Toolkit, but they are for Go Android. Regards, Les On Tue, Dec 30, 2014 at 1:10 PM, Dakota Pitts-Price fallen...@gmail.com wrote: Hi I am noob looking to expand my knowledge base outside of heavily managed services like Parse. I have done a few jobs in Parse, but I am looking for something that is more flexible and cheaper to use as an App Backend. I think the GAE is a good stepping stone, but I keep coming across the issue of Authentication.
Re: [google-appengine] Beginner Questions on Authentication
I know it's tempting to roll your own, but I would have a look at automatic first. http://peterhudec.github.io/authomatic/index.html On Thursday, January 1, 2015 11:01:43 AM UTC+8, Dakota Pitts-Price wrote: Thanks for your support Les. I find it shocking that for all its amazing features the GAE has, it's built in username/password system is such a second class citizen. I understand the complexity and ease of getting it wrong, which is why I hoping to find an easier to roll out solution than building it from the ground up. Personally I also learn the best that way. I see a modified Django is supported on the GAE. I have no experience with this framework, but I would rather spend the time to learn that than roll out my own Auth system on top of end points. Are there any caveats to using Django on GAE? I understand I wouldn't be able to use the nifty Cloud End Points. I am only currently looking to have 7 REST Apis that deliver JSON plus one or two tasks that run once a day. Is Django over kill for that level of requirements? Is there an easier solution? Sorry about all the questions and thanks again! Dakota On Tuesday, December 30, 2014 10:00:27 PM UTC-10, Les Vogel wrote: Hi Dakota, First off, Identity-Toolkit is separate from Endpoints, so using it would require you rolling your own solution for Endpoints -- similar to what I describe below. What I'm about to describe is a very simplified version of what's necessary, I recommend reading the standard docs for OAuth2 as there are some very subtle and tricky things about security. (ie. I'm simplifying things to answer the Q using our API's and our accounts is best practices, what I'm describing probably could be improved by a security expert) Because of this, I will not be using specific nomenclature to differentiate this from a good solution. Your login mechanism can return a token (like a JWT http://jwt.io/) that should contain at least an identifier of who the user is, an expiration date/time for the token, and be cryptologically signed. You pass that token as one of the parameters in your Endpoint, you ALWAYS validate the signature then the expiration time. If either is invalid, you reject the token. You can include a refresh method, or just require re-login to get a revised token. My go code https://github.com/GoogleCloudPlatform/abelana-gcp/blob/master/endpoints/tokens.go has most of this. One last disclaimer - This stuff is very hard to get right! Below was from a private message I sent about this last week. It has both the Java and Android (java) changes. Where you see the word secret send your token. (This had a constant secret for his application). Regards, Les From: https://github.com/GoogleCloudPlatform/gradle-appengine-templates/tree/master/HelloEndpoints If you look at the code: context = params[0].first; String name = params[0].second; try { return myApiService.sayHi(name).execute().getData(); } catch (IOException e) { return e.getMessage(); } Which came from your java code: @ApiMethod(name = sayHi) public MyBean sayHi(@Named(name) String name) { MyBean response = new MyBean(); response.setData(Hi, + name); return response; } You can see the service sayHi(name) to add the secret, you could do the following redefine your service to include secret: public MyBean sayHi(@Named(secret) Long secret, @Named(name) name) { if(secret != 32753454453456L) return null; ... } And the code would become: return myApiService.sayHi(secret, name).execute().getData(); On Tue, Dec 30, 2014 at 3:40 PM, Dakota Pitts-Price fallen...@gmail.com wrote: Hey Les, If I wanted to have my own login system and still use the Cloud End Points with some form of Auth, how would you advise going about starting this? Thanks for your help :) On Tuesday, December 30, 2014 1:37:07 PM UTC-10, Les Vogel wrote: Hi Dakota, You might wish to look at the Identity-Toolkit https://developers.google.com/identity-toolkit/ or Firebase https://www.firebase.com/ for general purpose Auth. For GAE, you can have general gmail or domain specific auth -- ie all Google accounts (Gmail, Google for Work / Education / Business / Government, and anyone who's logged into Google). Correct - If you roll your own, you can't use GAE login or Endpoints with Auth enabled. Nor can you roll your own Oauth2 and insert it into Endpoints. You could issue your own Tokens and pass them as parameters, always requiring HTTPS, however. I have a few examples of this using Identity-Toolkit, but they are for Go Android. Regards, Les On Tue, Dec 30, 2014 at 1:10 PM, Dakota Pitts-Price fallen...@gmail.com wrote: Hi I am noob looking to expand my knowledge base outside of heavily managed services like Parse. I have
Re: [google-appengine] Beginner Questions on Authentication
Thanks lol but its not temping to roll out my own solution at all. I am sorta a noob, so I would like to use a vetted and easy to implement solution. Automatic looks nice, thanks for the recommendation, but it does not appear to support its own authentication. As I move beyond something as dead simple as Parse, I still want to maintain the ability to offer traditional user/pass logins. This is a requirement with a majority of my clients as well as with users. On Wednesday, December 31, 2014 5:39:56 PM UTC-10, timh wrote: I know it's tempting to roll your own, but I would have a look at automatic first. http://peterhudec.github.io/authomatic/index.html On Thursday, January 1, 2015 11:01:43 AM UTC+8, Dakota Pitts-Price wrote: Thanks for your support Les. I find it shocking that for all its amazing features the GAE has, it's built in username/password system is such a second class citizen. I understand the complexity and ease of getting it wrong, which is why I hoping to find an easier to roll out solution than building it from the ground up. Personally I also learn the best that way. I see a modified Django is supported on the GAE. I have no experience with this framework, but I would rather spend the time to learn that than roll out my own Auth system on top of end points. Are there any caveats to using Django on GAE? I understand I wouldn't be able to use the nifty Cloud End Points. I am only currently looking to have 7 REST Apis that deliver JSON plus one or two tasks that run once a day. Is Django over kill for that level of requirements? Is there an easier solution? Sorry about all the questions and thanks again! Dakota On Tuesday, December 30, 2014 10:00:27 PM UTC-10, Les Vogel wrote: Hi Dakota, First off, Identity-Toolkit is separate from Endpoints, so using it would require you rolling your own solution for Endpoints -- similar to what I describe below. What I'm about to describe is a very simplified version of what's necessary, I recommend reading the standard docs for OAuth2 as there are some very subtle and tricky things about security. (ie. I'm simplifying things to answer the Q using our API's and our accounts is best practices, what I'm describing probably could be improved by a security expert) Because of this, I will not be using specific nomenclature to differentiate this from a good solution. Your login mechanism can return a token (like a JWT http://jwt.io/) that should contain at least an identifier of who the user is, an expiration date/time for the token, and be cryptologically signed. You pass that token as one of the parameters in your Endpoint, you ALWAYS validate the signature then the expiration time. If either is invalid, you reject the token. You can include a refresh method, or just require re-login to get a revised token. My go code https://github.com/GoogleCloudPlatform/abelana-gcp/blob/master/endpoints/tokens.go has most of this. One last disclaimer - This stuff is very hard to get right! Below was from a private message I sent about this last week. It has both the Java and Android (java) changes. Where you see the word secret send your token. (This had a constant secret for his application). Regards, Les From: https://github.com/GoogleCloudPlatform/gradle-appengine-templates/tree/master/HelloEndpoints If you look at the code: context = params[0].first; String name = params[0].second; try { return myApiService.sayHi(name).execute().getData(); } catch (IOException e) { return e.getMessage(); } Which came from your java code: @ApiMethod(name = sayHi) public MyBean sayHi(@Named(name) String name) { MyBean response = new MyBean(); response.setData(Hi, + name); return response; } You can see the service sayHi(name) to add the secret, you could do the following redefine your service to include secret: public MyBean sayHi(@Named(secret) Long secret, @Named(name) name) { if(secret != 32753454453456L) return null; ... } And the code would become: return myApiService.sayHi(secret, name).execute().getData(); On Tue, Dec 30, 2014 at 3:40 PM, Dakota Pitts-Price fallen...@gmail.com wrote: Hey Les, If I wanted to have my own login system and still use the Cloud End Points with some form of Auth, how would you advise going about starting this? Thanks for your help :) On Tuesday, December 30, 2014 1:37:07 PM UTC-10, Les Vogel wrote: Hi Dakota, You might wish to look at the Identity-Toolkit https://developers.google.com/identity-toolkit/ or Firebase https://www.firebase.com/ for general purpose Auth. For GAE, you can have general gmail or domain specific auth -- ie all Google accounts (Gmail, Google for Work / Education / Business / Government, and anyone who's logged into Google). Correct - If
[google-appengine] Beginner Questions on Authentication
Hi I am noob looking to expand my knowledge base outside of heavily managed services like Parse. I have done a few jobs in Parse, but I am looking for something that is more flexible and cheaper to use as an App Backend. I think the GAE is a good stepping stone, but I keep coming across the issue of Authentication. First it appears that there is no out of the box easy way to do a simple username and password login. -It seems like the best approach to this is using Django --Is there an equivalent framework in Java that is GAE compatible? Second it appears if you using your own Login system you can't use the builtin Auth with Google Cloud End Points -So it seems if you want to use the builtin Auth with cloud end points and still maintain control of your user login I would need to host my own Oauth2 Service. --Is there a way for me to host my own Oauth2 Service inside of the GAE? --This seems like how AWS works, should I consider just starting on their system instead of GAE? Thanks for reading :) *-Side note* *I have been Googling and researching this for about two days now and am surprised at the communities lack of support for non Google or non major Oauth user authentication in GAE.* *It is out of the question for many of my clients to not have self authentication for their apps/sites.* *So having an easy solution is important for me as I learn how to use a more powerful and complicated service. (pardon my noob, I have only been coding for a year or so)* *Also a lot of people respond negatively saying users don't want another account to remember, users don't want to trust you with their password, and you shouldn't want the responsibility.* *But none of that is true, every app I have worked on when given an option more users use username/password than a third party Oauth provider.* *Thus having the option is curial.* *Also its not unreasonable for a client to not want to rely on a major third party to authenticate their user base.* *I understand that this is putting more responsibility on me, but if the app is a simple little thing I imagine the users use a simple little password. * -- You received this message because you are subscribed to the Google Groups Google App Engine group. To unsubscribe from this group and stop receiving emails from it, send an email to google-appengine+unsubscr...@googlegroups.com. To post to this group, send email to google-appengine@googlegroups.com. Visit this group at http://groups.google.com/group/google-appengine. For more options, visit https://groups.google.com/d/optout.
Re: [google-appengine] Beginner Questions on Authentication
Hi Dakota, You might wish to look at the Identity-Toolkit https://developers.google.com/identity-toolkit/ or Firebase https://www.firebase.com/ for general purpose Auth. For GAE, you can have general gmail or domain specific auth -- ie all Google accounts (Gmail, Google for Work / Education / Business / Government, and anyone who's logged into Google). Correct - If you roll your own, you can't use GAE login or Endpoints with Auth enabled. Nor can you roll your own Oauth2 and insert it into Endpoints. You could issue your own Tokens and pass them as parameters, always requiring HTTPS, however. I have a few examples of this using Identity-Toolkit, but they are for Go Android. Regards, Les On Tue, Dec 30, 2014 at 1:10 PM, Dakota Pitts-Price fallenent...@gmail.com wrote: Hi I am noob looking to expand my knowledge base outside of heavily managed services like Parse. I have done a few jobs in Parse, but I am looking for something that is more flexible and cheaper to use as an App Backend. I think the GAE is a good stepping stone, but I keep coming across the issue of Authentication. First it appears that there is no out of the box easy way to do a simple username and password login. -It seems like the best approach to this is using Django --Is there an equivalent framework in Java that is GAE compatible? Second it appears if you using your own Login system you can't use the builtin Auth with Google Cloud End Points -So it seems if you want to use the builtin Auth with cloud end points and still maintain control of your user login I would need to host my own Oauth2 Service. --Is there a way for me to host my own Oauth2 Service inside of the GAE? --This seems like how AWS works, should I consider just starting on their system instead of GAE? Thanks for reading :) *-Side note* *I have been Googling and researching this for about two days now and am surprised at the communities lack of support for non Google or non major Oauth user authentication in GAE.* *It is out of the question for many of my clients to not have self authentication for their apps/sites.* *So having an easy solution is important for me as I learn how to use a more powerful and complicated service. (pardon my noob, I have only been coding for a year or so)* *Also a lot of people respond negatively saying users don't want another account to remember, users don't want to trust you with their password, and you shouldn't want the responsibility.* *But none of that is true, every app I have worked on when given an option more users use username/password than a third party Oauth provider.* *Thus having the option is curial.* *Also its not unreasonable for a client to not want to rely on a major third party to authenticate their user base.* *I understand that this is putting more responsibility on me, but if the app is a simple little thing I imagine the users use a simple little password. * -- You received this message because you are subscribed to the Google Groups Google App Engine group. To unsubscribe from this group and stop receiving emails from it, send an email to google-appengine+unsubscr...@googlegroups.com. To post to this group, send email to google-appengine@googlegroups.com. Visit this group at http://groups.google.com/group/google-appengine. For more options, visit https://groups.google.com/d/optout. -- Les Vogel | Cloud Developer Relations | l...@google.com | 408-676-7023 -- You received this message because you are subscribed to the Google Groups Google App Engine group. To unsubscribe from this group and stop receiving emails from it, send an email to google-appengine+unsubscr...@googlegroups.com. To post to this group, send email to google-appengine@googlegroups.com. Visit this group at http://groups.google.com/group/google-appengine. For more options, visit https://groups.google.com/d/optout.
Re: [google-appengine] Beginner Questions on Authentication
Hey Les, Thanks for responding so quickly. If I use the Identiy Toolkit thats built into GAE will that allow me to use the built in Auth in the Cloud End Points? Thanks :) On Tuesday, December 30, 2014 1:37:07 PM UTC-10, Les Vogel wrote: Hi Dakota, You might wish to look at the Identity-Toolkit https://developers.google.com/identity-toolkit/ or Firebase https://www.firebase.com/ for general purpose Auth. For GAE, you can have general gmail or domain specific auth -- ie all Google accounts (Gmail, Google for Work / Education / Business / Government, and anyone who's logged into Google). Correct - If you roll your own, you can't use GAE login or Endpoints with Auth enabled. Nor can you roll your own Oauth2 and insert it into Endpoints. You could issue your own Tokens and pass them as parameters, always requiring HTTPS, however. I have a few examples of this using Identity-Toolkit, but they are for Go Android. Regards, Les On Tue, Dec 30, 2014 at 1:10 PM, Dakota Pitts-Price fallen...@gmail.com javascript: wrote: Hi I am noob looking to expand my knowledge base outside of heavily managed services like Parse. I have done a few jobs in Parse, but I am looking for something that is more flexible and cheaper to use as an App Backend. I think the GAE is a good stepping stone, but I keep coming across the issue of Authentication. First it appears that there is no out of the box easy way to do a simple username and password login. -It seems like the best approach to this is using Django --Is there an equivalent framework in Java that is GAE compatible? Second it appears if you using your own Login system you can't use the builtin Auth with Google Cloud End Points -So it seems if you want to use the builtin Auth with cloud end points and still maintain control of your user login I would need to host my own Oauth2 Service. --Is there a way for me to host my own Oauth2 Service inside of the GAE? --This seems like how AWS works, should I consider just starting on their system instead of GAE? Thanks for reading :) *-Side note* *I have been Googling and researching this for about two days now and am surprised at the communities lack of support for non Google or non major Oauth user authentication in GAE.* *It is out of the question for many of my clients to not have self authentication for their apps/sites.* *So having an easy solution is important for me as I learn how to use a more powerful and complicated service. (pardon my noob, I have only been coding for a year or so)* *Also a lot of people respond negatively saying users don't want another account to remember, users don't want to trust you with their password, and you shouldn't want the responsibility.* *But none of that is true, every app I have worked on when given an option more users use username/password than a third party Oauth provider.* *Thus having the option is curial.* *Also its not unreasonable for a client to not want to rely on a major third party to authenticate their user base.* *I understand that this is putting more responsibility on me, but if the app is a simple little thing I imagine the users use a simple little password. * -- You received this message because you are subscribed to the Google Groups Google App Engine group. To unsubscribe from this group and stop receiving emails from it, send an email to google-appengi...@googlegroups.com javascript:. To post to this group, send email to google-a...@googlegroups.com javascript:. Visit this group at http://groups.google.com/group/google-appengine. For more options, visit https://groups.google.com/d/optout. -- Les Vogel | Cloud Developer Relations | le...@google.com javascript: | 408-676-7023 -- You received this message because you are subscribed to the Google Groups Google App Engine group. To unsubscribe from this group and stop receiving emails from it, send an email to google-appengine+unsubscr...@googlegroups.com. To post to this group, send email to google-appengine@googlegroups.com. Visit this group at http://groups.google.com/group/google-appengine. For more options, visit https://groups.google.com/d/optout.
Re: [google-appengine] Beginner Questions on Authentication
Hey Les, If I wanted to have my own login system and still use the Cloud End Points with some form of Auth, how would you advise going about starting this? Thanks for your help :) On Tuesday, December 30, 2014 1:37:07 PM UTC-10, Les Vogel wrote: Hi Dakota, You might wish to look at the Identity-Toolkit https://developers.google.com/identity-toolkit/ or Firebase https://www.firebase.com/ for general purpose Auth. For GAE, you can have general gmail or domain specific auth -- ie all Google accounts (Gmail, Google for Work / Education / Business / Government, and anyone who's logged into Google). Correct - If you roll your own, you can't use GAE login or Endpoints with Auth enabled. Nor can you roll your own Oauth2 and insert it into Endpoints. You could issue your own Tokens and pass them as parameters, always requiring HTTPS, however. I have a few examples of this using Identity-Toolkit, but they are for Go Android. Regards, Les On Tue, Dec 30, 2014 at 1:10 PM, Dakota Pitts-Price fallen...@gmail.com javascript: wrote: Hi I am noob looking to expand my knowledge base outside of heavily managed services like Parse. I have done a few jobs in Parse, but I am looking for something that is more flexible and cheaper to use as an App Backend. I think the GAE is a good stepping stone, but I keep coming across the issue of Authentication. First it appears that there is no out of the box easy way to do a simple username and password login. -It seems like the best approach to this is using Django --Is there an equivalent framework in Java that is GAE compatible? Second it appears if you using your own Login system you can't use the builtin Auth with Google Cloud End Points -So it seems if you want to use the builtin Auth with cloud end points and still maintain control of your user login I would need to host my own Oauth2 Service. --Is there a way for me to host my own Oauth2 Service inside of the GAE? --This seems like how AWS works, should I consider just starting on their system instead of GAE? Thanks for reading :) *-Side note* *I have been Googling and researching this for about two days now and am surprised at the communities lack of support for non Google or non major Oauth user authentication in GAE.* *It is out of the question for many of my clients to not have self authentication for their apps/sites.* *So having an easy solution is important for me as I learn how to use a more powerful and complicated service. (pardon my noob, I have only been coding for a year or so)* *Also a lot of people respond negatively saying users don't want another account to remember, users don't want to trust you with their password, and you shouldn't want the responsibility.* *But none of that is true, every app I have worked on when given an option more users use username/password than a third party Oauth provider.* *Thus having the option is curial.* *Also its not unreasonable for a client to not want to rely on a major third party to authenticate their user base.* *I understand that this is putting more responsibility on me, but if the app is a simple little thing I imagine the users use a simple little password. * -- You received this message because you are subscribed to the Google Groups Google App Engine group. To unsubscribe from this group and stop receiving emails from it, send an email to google-appengi...@googlegroups.com javascript:. To post to this group, send email to google-a...@googlegroups.com javascript:. Visit this group at http://groups.google.com/group/google-appengine. For more options, visit https://groups.google.com/d/optout. -- Les Vogel | Cloud Developer Relations | le...@google.com javascript: | 408-676-7023 -- You received this message because you are subscribed to the Google Groups Google App Engine group. To unsubscribe from this group and stop receiving emails from it, send an email to google-appengine+unsubscr...@googlegroups.com. To post to this group, send email to google-appengine@googlegroups.com. Visit this group at http://groups.google.com/group/google-appengine. For more options, visit https://groups.google.com/d/optout.