I want to use Google Prediction from a Python Google App Engine Application. Google Prediction requires you to store your "prediction models" in Google Storage for Developers, in effect meaning that to use GP you must use GSD. Unfortunately, both GP and GSD seem to require OAuth 2.0 .
This Oauth stuff is really getting in the way though! All the examples I find seem to deal with the case of wanting for access a users data/credentials/identity/whatever using Oauth. I have no need for that. I simply want to access a resource (GP and GSD) from my server using http request. Repeat, I just want to use some of their services, I have no need at all to access any other users information!
I can see from my Google API console that I have created both a id and secret for my GAE applications domain. Is it not possible to just use these values to do OAuth authentication to other Google API's? Effectively saying "I am the application at domain xyz, here are my credentials, let me use your API"? It seems kind of ridiculous that Google is currently forcing people to use such a burdensome authentication system for things that they are trying to get people to try out?
I am hoping there is some magical awesome library that will take care of all these OAuth details for me. Short of that, a code example of how to do these things in Python App Engine would be useful. I just want to use the Google Prediction and Google Storage for Developers services from my python GAE app, but I am blocked by the burden of having to configure all of this OAuth stuff. Isn't there some easy way to do this?
Look at the Google API Python Client. You should just be able to put your tokens in and connect. There are some examples on the page that should give you enough information to connect in.
I'm the Product Manager at Google working on the Prediction API. The first thing I want to say is thank you for trying out the API and for reaching out to the world about your issues! We hear you! We are very aware of the difficulty of using the API in some cases and some of the pain OAuth2.0 can cause for the simple use cases. In particular I tried to do exactly what you were doing a few weeks ago and was myself rather frustrated! We're working on it!
OK, so, that's all nice and dandy, but do I have anything helpful for you? Hopefully I do! I managed to get my GAE application working with GP -- I shelved the GSD component for the moment as I ran out of time, so hopefully somebody else can lend you some sample code for that (it should involve using boto & OAuth to handle the tricky bits).
from apiclient.discovery import build
from oauth2client.client import OAuth2Credentials
# You can find an example oauth2client in the python prediction sample code
# Replace everything in <>'s
credentials = OAuth2Credentials(
"<access_token>", #probably empty string
"<client_id>",
"<client_secret>",
"<refresh_token>",
<Expiry>, # Probably None
"https://accounts.google.com/o/oauth2/token",
"<app_useragent>")
http = credentials.authorize(httplib2.Http())
service = build("prediction", "v1.3", http=http)
You should be able to get the client id an client secret from the API console. You can use any sample application or demo, e.g. the python sample code, to generate a refresh token.
Best of luck! Feel free to followup directly with me (zg#google.com) or post to our public discussion list (prediction-api-discuss#googlegroups.com) if you still have any trouble.
Related
I'm working on a project with Google App Engine. I am using continuous integration via Travis, and wish to be able to deploy directly from it. Due to a bug that will not be resolved directly, I can't rely on Travis' built-in GAE deployment, so I basically have to use mvn appengine:update manually. This requires me navigate to a generated URL and manually paste to the terminal an authentication code, which I can't do in automated builds.
It was suggested to me, however, that I do some Unix magic instead. While I can easily pick out the URL I need to navigate to from grep, I still need to log in to Google with my credentials in order to actually get the authentication code (which I can then grep out and pipe to the deployment program).
Given that, how do I log in to Google with my credentials, using only curl or similar command-line utilities?
I've accomplished similar things in the past using Service Accounts. These are likely a good fit for your problem.
Service Accounts will allow you to authenticate and upload your app without manual intervention.
Overview
A Service Account will allow you to do "passwordless" authentication like you may already do with ssh, and git, etc. by setting up your keys. This will remove the requirement that you log in manually, or follow the road to madness by trying to do a "manual" login automatically.
There are basically two steps:
Create your service account and key (with the right permissions)
Use that credential instead of what you're doing now
Resources
I think it's better to give a list of resources than concrete instructions since it's basically impossible to express concisely (even though it's a simple process, there's bound to be a lot of little things that annoy), everyone's requirements will be slightly different, and Google is likely to change the process at some point.
Using the Google Cloud Platform Console for App Engine | Permissions
Using OAuth 2.0 for Server to Server Applications
Setting up OAuth 2.0 | Service Accounts
gcloud auth activate-service-account
Hopefully that's enough to get you headed in the right direction.
Note
You'll likely have to spend some time looking at your .appcfg_oauth2_tokens_java and sorting out a variety of other annoyances, but I believe that this approach is the best way to solve your problem.
It sounds like you have a pretty straight-forward setup and that a Service Account alone will get you there, but if you need to get a little weird, the App Engine Admin API is always there.
Looking at the Google App Engine API, it seems that despite all its great features, the User API is extremely limiting. It seems you can only authenticate people who have a Google account, or use an OpenID account, or via some OAuth kung fu (handshaking with a Facebook account etc).
This appears to be a major stumbling block for anyone who wants a proprietary user base by creating user accounts within the application. In short, I don't want my users to have to use or create a Google account to access my app.
Has anyone else come across this limitation and has it been a deal breaker for using the GAE? Am I missing something? It is possible to deploy my own Spring based security etc within the app and use my own User API? Comments on this issue greatly appreciated. Thanks.
You're free to completely ignore the Users API and implement your own authentication system, as you would in any other hosting environment. Nothing about App Engine prevents you from doing so.
The Users API is just there as a convenience, in case you'd like to spare yourself the effort of re-implementing everything, and spare your users the inconvenience of filling out another sign up form and remembering another set of credentials.
You can always implement your own user management system.
In my application I have used spring-security for this purpose. spring security 3.0.1 works perfectly fine with app engine 1.3.5. There may occur some issues integrating other versions of both. I found below links extremely useful :
http://www.google-app-engine.com/blog/post/Spring-security-fix-for-google-app-engine.aspx.
http://www.dotnetguru2.org/bmarchesson/index.php?p=1100
http://groups.google.com/group/google-appengine-java/browse_thread/thread/964e7f5e42840d9c
so my idea is pretty simple. But I don't know where to start.
develop a simple RESTful API on my app engine server using the simple webapp framework.
there will be two kinds of clients:
1. Normal pc users access the facebook application, and this will directly place API calls to my app engine server.
( Please note, that the facebook application itself is hosted on the same app engine server)
Iphone users access my app engine server by going though Facebook connect. The user is then free to make the API calls.
So how i checked the App3 Project at http://code.google.com/p/app3/, then didn't really have authentication in place.
Any suggestions/ideas?
I have a rough idea of how the flow works
Assumption: I have the datastore all set up with user data.
For normal PC users accessing my FB app:
--> authenticate in FB ->I save their userid + facebook_session_key in with gmemsess -> I use both data to authenticate with the user data in my datastore --> that user is now free to CRUD on my server.
For iphone users, it's the same flow. But with Facebook Connect.
the CRUD should look something like:
if the user wants to check his/her stats, the API call would be something like:
/rest/getstats
Is anyone actually doing something like that? I'd appreciate everyone's insights.
A simple, hassle free solution would be awesome!
Well, this might not be exactly what you've been looking for, but here's my try:
To do simple REST on app engine, you can try Jim Fulton's excellent library, bobo (here's a link to the REST section of the documentation). Bobo is a well-tested, simple package that contains only one fily, bobo.py, so it perfectly fits a minimalistic application's need. You can simply put it on top of webapp.
Note that the decorators shown in the documentation need to be converted to python2.5-style to work, so
#bobo.resource('/rest/getstats', 'GET')
def get_stats(self, request):
"Get user's stats"
would become
def get_stats(self, request):
"Get user's stats"
get_stats = bobo.resource('/rest/getstats', 'GET')(get_stats)
and such. This should be an easy approach to REST.
As for the authentication, you could pipe repoze.who into the WSGI pipeline. There are a some very simple repoze.who plugins for the facebook API out there in the wild (unfortunately none of them on pypi), I wrote a very simple one myself for a simple Facebook application a while ago. You can check it out here, along with a brief wiki and some dependency graphs that might help keep your app lightweight and memory-efficient. (Note on the dependency graphs there: some of the Zope libraries has been simplified since then; for Facebook authentication to work, you only need zope.interface.)
Maybe I didn't really give you anything specific (or useful), but these are just a few links you can take a look at, they might come in handy.
I would like to write a client application for Android that uses the Google App Engine as a database backend. My Android client would connect to the App Engine to save information, then it would connect later for reports. Is it possible to use the App Engine as a backend like this?
If you're looking for something like the remote api that the App Engine has in python, then you'll be disappointed to find it missing in Java.
That said, absolutely nothing stops your from hitting your app and posting data either through POST / JSON / XML / any other format you can think of. The same thing goes for getting your reports back.
If security is a concern, the OAuth protocol allows you to authenticate to app engine from your android device.
This is an aside, but as far as reporting is concerned, you might not find the app engine a very suitable platform for reporting type apps. Just make sure you understand its limitations - the lack of joins, 1000 object limit, no sum / average, necessary indexes, etc. It's certainly not impossible, but do think carefully about how you're going to model your data.
Yes, it is possible.
Without more details in your question, any more details in the answer would be speculation.
Yes, its very much possible. It's something I am also currently working on.
My code uses HTTP GET and HTTP POST and I am using a RESTful service on the GAE.
I'm sorry I can't provide any code because I am still learning however the library I'm using is called RESTLET. They have libraries for both GAE and Android however I'm only using RESTLET on the GAE and I'm just using the HTTP library in the Android SDK for the client.
http://www.restlet.org/
The version you require is 2.0 M6 and not the stable release.
No.
In your response to Laurence, you said you want a direct DB connetion. A client cannot connect directly to the GAE datastore. You must write web handlers to interface between the client and your data. It doesn't have to be much, but it must be something.
Yes, it is very possible. You would not connect directly to the GAE database though. A better architecture would be to make your app hit a URL that writes to the DB. For example, you could set up a Struts 2 action that takes the values of your query parameters and then mutates and validates them as necessary before persisting them.
How do I setup Account Registration, Login, etc in Grails when developing for the Google App Engine? Normally I would use the Acegi plugin but I've read that it doesn't work with Google App Engine.
For reference, I'm using the Grails app-engine and gorm-jpa plugins.
Google App Engine allows you to manage users through their Google Accounts Java API. The page provides example codes which you can easily implement with Groovy.
Hope it helps.
You should take a look at this patch: http://jira.codehaus.org/browse/GRAILSPLUGINS-1233. I haven't used it yet but might be what you are after.
In my opinion, it is essential to create custom authentication instead of using Google Account API to create any viable application run on GAE.
So, I created my own solution to tackle this problem which you may interested to have a look at URL:
http://grailsfuse.vobject.com/
(You will hit http 500 error for first request, please wait for 30 seconds and refresh)
The missing part is the self-registration page and remember me feature. Please contact us (hyperlink located below the page of URL above) if you are still interested.
Wish to heard from you soon!