[google-appengine] Session Token without current user?

Sun, 09 Aug 2009 09:06:12 -0700 

In studying the AuthSub sample code at this location:
   http://code.google.com/appengine/articles/gdata.html

I am confused about the comments pasted below. In the "elif" case, how
can there be a token without there being a current (logged in) user?
In order for the app to have received a token to begin with, didn't it
have to know which user was accessing the app? Could you give me a
scenario in which there would be a token, but the user hasn't logged
in yet?

The only case I can think of is if the user just logged in at the page
to grant them the token (from client.GenerateAuthSubURL), but hasn't
yet logged into my app (using the link generated by
users.create_login_url).  If I am right about this, then could I avoid
this by always first requiring my user to login to my app, before
checking to see if they have a token?

Thanks,
Dave

    session_token = None
    # Find the AuthSub token and upgrade it to a session token.
    auth_token = gdata.auth.extract_auth_sub_token_from_url
(self.request.uri)
    if auth_token:
      # Upgrade the single-use AuthSub token to a multi-use session
token.
      session_token = client.upgrade_to_session_token(auth_token)
    if session_token and users.get_current_user():
      # If there is a current user, store the token in the datastore
and
      # associate it with the current user. Since we told the client
to
      # run_on_appengine, the add_token call will automatically store
the
      # session token if there is a current_user.
      client.token_store.add_token(session_token)
    elif session_token:
      # Since there is no current user, we will put the session token
      # in a property of the client. We will not store the token in
the
      # datastore, since we wouldn't know which user it belongs to.
      # Since a new client object is created with each get call, we
don't
      # need to worry about the anonymous token being used by other
users.
      client.current_token = session_token


--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups 
"Google App Engine" group.
To post to this group, send email to google-appengine@googlegroups.com
To unsubscribe from this group, send email to 
google-appengine+unsubscr...@googlegroups.com
For more options, visit this group at 
http://groups.google.com/group/google-appengine?hl=en
-~----------~----~----~----~------~----~------~--~---

Reply via email to