Firstly, just letting you know I have searched a fair bit here and I am aware of some of the other questions on this topic but none answer my question.
The authentication of the Local GAE differs from the appspot deploy and I need it not to with minimal work-around code.
I'm writing an HTML5 app and I can do the google authentication via a button and it updates all the correct tokens so I can access the profile in either GAE Launched apps or appspot deployed ones.
I need the google account details of the logged in user within the app
I am writing (for API calls to calendar and contacts for example)
, and I'd rather not have to write a login handler only for my local development platform - automated for simplicity or otherwise.
I've read that adding login:required forces a login, and on appspot this works perfectly. Locally it does nothing useful.
I've read that you can write a Python decorator to use #login_required - but I'm not writing in Python (It's php generating an HTML5 page). I could write a bit of a PHP wrapper to handle it, or automate a call in Javascript on page load - but this is the workaround I don't want to write because it's handled in the production environment for me.
I want the login:required option as everything is handled for me in
production
. I have googled the options for the login tag and nothing there suggests I can force a google login in the locally launched app. I have googled the launcher and settings, but nothing seems apparent.
I suppose I could live with the dev workaround, and the app could assume I'm authenticated and the JSON request handlers in my app would just use the login:required with the correct google tokens being passed once I am authenticated.
Do I have any other options?
This sounds like it could be a PHP runtime bug. login:required works fine on the python local dev server. Have you checked the issues page to see if it's been reported?
https://code.google.com/p/googleappengine/issues/list
Otherwise it's possible that it's bypassing the login on your dev server because you have some cookie in your browser indicating that you're already logged in. You might try clearing cookies
Alternatively (at least on the python devserver), you can go to your login page via http://localhost:8000/_ah/login to force a logout (obviously fix the hostname and port number)
There appears to be no way round this other than to write the whole OAuth handler yourself (or get one elsewhere) - significant overkill for a development environment only 'issue'.
I have written the app to handle the getting of the google profile details as it starts and force an authenticate if they are not present.
This means that the login:required will work as expected in the production world and force you to authenticate to google before you even get to the application... then the app just gets the profile details because the tokens are already present.
login:required in the dev environment just puts up a screen which you just 'ok', then the app attempts to gets the profile details but forces the authentication itself because there are no authentication tokens present.
It's unfortunate, but it's a single step in a development that users will not have to use, but it works.
Related
I've got a GAE app that runs a publicly hosted dataset through a model via Flask, displaying the results. I successfully deployed it, and I can access & use it from the account that deployed it, but how do I make it publicly available? Right now from outside my account, I can access the app's index.html at its .appspot.com address, but when I press the app's run-the-model button, I'm taken to a login page instead of my model_result.html.
I've been trying to find an answer here, but am quickly getting out of my depth in terms of IAM terminology.
As Alex pointed out- my app.yaml request handlers need to be set for the behavior I wanted: login: optional (not login: required). Thanks!
I'm trying to find a way to dynamically create a project on Google App Engine using Go following this example.
However, the documentation isn't very clear (at least for me) in how to proceed to authenticate the user and the Go example goes as far as saying:
// TODO: Fill required fields.
I also had a look at the Go Client Library Documentation which made things even more confusing to me.
Has anyone used this API before or have found a way to programatically create a project in App Engine?
When you initialize the API by calling cloudresourcemanager.New(hc), you pass an http client, that in the case of this example is authenticated by using the default credentials from the system. These credentials come from the default service account of App Engine or Compute Engine (not sure about the second though), depending on the environment you are in. If you are outside of Google Cloud, you can follow the instructions on the example:
// 2. This sample uses Application Default Credentials for authentication.
// If not already done, install the gcloud CLI from
// https://cloud.google.com/sdk/ and run
// 'gcloud beta auth application-default login'
If you do this, the default credentials will be taken from the user you used to log in on the command gcloud beta auth application-default login. Another possibility would be changing the code to generate the credentials by calling JWTConfigFromJson1, that would explicitly load your credentials from a json file. Here2 you can see an example of how to initialize an http client using this method.
I'm working on a project with Google App Engine. I am using continuous integration via Travis, and wish to be able to deploy directly from it. Due to a bug that will not be resolved directly, I can't rely on Travis' built-in GAE deployment, so I basically have to use mvn appengine:update manually. This requires me navigate to a generated URL and manually paste to the terminal an authentication code, which I can't do in automated builds.
It was suggested to me, however, that I do some Unix magic instead. While I can easily pick out the URL I need to navigate to from grep, I still need to log in to Google with my credentials in order to actually get the authentication code (which I can then grep out and pipe to the deployment program).
Given that, how do I log in to Google with my credentials, using only curl or similar command-line utilities?
I've accomplished similar things in the past using Service Accounts. These are likely a good fit for your problem.
Service Accounts will allow you to authenticate and upload your app without manual intervention.
Overview
A Service Account will allow you to do "passwordless" authentication like you may already do with ssh, and git, etc. by setting up your keys. This will remove the requirement that you log in manually, or follow the road to madness by trying to do a "manual" login automatically.
There are basically two steps:
Create your service account and key (with the right permissions)
Use that credential instead of what you're doing now
Resources
I think it's better to give a list of resources than concrete instructions since it's basically impossible to express concisely (even though it's a simple process, there's bound to be a lot of little things that annoy), everyone's requirements will be slightly different, and Google is likely to change the process at some point.
Using the Google Cloud Platform Console for App Engine | Permissions
Using OAuth 2.0 for Server to Server Applications
Setting up OAuth 2.0 | Service Accounts
gcloud auth activate-service-account
Hopefully that's enough to get you headed in the right direction.
Note
You'll likely have to spend some time looking at your .appcfg_oauth2_tokens_java and sorting out a variety of other annoyances, but I believe that this approach is the best way to solve your problem.
It sounds like you have a pretty straight-forward setup and that a Service Account alone will get you there, but if you need to get a little weird, the App Engine Admin API is always there.
I created a very simple FireBase + Angular app with AngularFire, or rather, I copied the code from the examples. All it does, for now, is allow logging in and out via Google. The code is so simple I don't think there's even a need to post it here.
I tried it on different static files hosting solutions, and got somewhat weird results.
On Google Drive, Dropbox, and Github. Though the pages were served on all of them, no 404 error and no JS errors in the console, the login itself didn't work. What would happen is that the program would launch the login screen and log in the user, but then the angular "auth.user" object stayed null.
The same code exactly, when run on Visual Studio (just by "view file in browser") and also hosted on FireBase's own hosting solution, ran as expected, no problems. Logging in and logging out both worked.
I wondered how that could be, since this is a "no backend" app, or, more precisely, it has the same back-end, i.e. FireBase services.
What is happening here?
explanation on hosting on Google Drive
explanation on hosting on Dropbox and Github
(comments on how to improve this question will be appriciated)
You have to liste the domains that will host your app in the settings of FireBase.
It is in the login and auth tab, the "Authorized Domains for OAuth Redirects" field.
You should put there the domains you want to use, like dropbox.com, etc...
Details here : https://www.firebase.com/docs/web/guide/user-auth.html#section-configuring
Your code works on your local Visual Studio because localhost and 127.0.0.1 are enabled by default.
I am having a weird issue. I created an application on Google App Engine and have a Login with Facebook button on it, for which I am doing server side authentication.
I give the redirect_url, and facebook was calling the URL correctly with no issues. The session parameters that I set were being retrieved on the redirect call and everything was working fine.
Yesterday, I got a domain on godaddy and mapped it to my appspot account using google apps. Now when I click on Facebook login, I am getting two calls on the redirect uri, the first one carries the session varaibles and the session one doesn't. I am not very familiar with domain mapping and followed the steps on Google Apps.
Can anyone help me in the right direction on this.
it's a little out of date, but i documented some GAE to Facebook gotchas here:
http://javagwt.blogspot.com/2010/08/facebook-apps-on-app-engine-without-any.html
It may also help to read about naked domain mapping with godaddy, to make sure you're not getting bounced around. Even though you are mapped to your domain through google apps, you can try to put the redirect URL for facebook as yourappid.appspot.com - the redirect URL you provide, and the one in your facebook app settings must match.
My app, nimbits.com writes to facebook from GAE all of the time - the code is on github under server/facebook
https://github.com/bsautner/com.nimbits/tree/master/nimbits-tds/src/com/nimbits/server
Thanks for the answers bsautner and Michele. I finally figured out the issue. I have google ads on my website. The google ads was trying to parse the URL content and creating a second request for every request that I create. After removing the google ads, I get a single callback with session values retained. It all works now. The final output is this website - www.imagecrashers.com. I will be glad for any suggestions from the gurus here, regarding layout or api calls simplification. Thanks again to all.