OpenID for Google App Engine - google-app-engine

I saw many links over the internet and specifically openid-consumer project (which is a part of http://code.google.com/p/google-app-engine-samples/), but it doesn't work as honestly readme file says.
So what's the latest update on that? Is there any way I can authenticate my web site users with OpenID from someone besides Google (like stackoverflow does)?

I have setup an example app here:
http://github.com/shripadk/authlogic_openid_selector_example
With the source code. It works exactly the way stackoverflow does. Have not implemented facebook auth as its buggy still.

I've just played a bit with the openid-consumer you mention and it actually works. Have you tried to run the sample code standalone, as a separate project?
I've used it in a test application on App Engine and it seems to work alright. I placed the consumer.py, fetcher.py, store.py and then the openid dir in the root dir, then I moved parts of the config in app.yaml from the openid sample app to my app.yaml.
You can check the implementation at http://x-libris.appspot.com. In the upper right corner press Logga in (which is swedish for login). Try using any of the available OpenId providers, so far OpenId, Google, MySpace and Yahoo! are available (I've only tested the first two providers).
It's an Ajax based solution so I did some tweaking of the render method in consumer.py in order to change the templating and the example at openid-demo.appspot.com was handy.
// John

I just noticed the new version of the app engine SDK now includes support for OpenID in the user API
The 1.3.4 release includes support for authentication via OpenID as an experimental feature.
look in the app engine python user API docs for more info about this
This should make this easy to implement (I will start implementing this today !)

try rpxnow.com , they provide multiple options including openid.

Related

App Engine SSL for Custom Domain within Developer Console (not via Google Apps)

When will SSL support for custom domain be available within the developer console, instead of having to go over to Google Apps? I read somewhere it says Q3 of 2015. But seems like people have some ways of getting that to work already. Is it a private beta feature?
Building some apps for a client and they can't get their Google Apps account to work and we already have the custom sub-domain mapped to the GAE, and just need the last piece. Help!
This is the tracking issue, indeed Q3 seems to be more likely: https://code.google.com/p/googleappengine/issues/detail?id=10794
FWIW, I detailed a bit my solution to get things working via Google Apps in this Q&A: AppEngine subdomains to modules without wildcard mapping, maybe it can help with your customer's problems in the meantime.

Setting up custom domains (with subdomains) on Google App Engine with SSL with different versions of app

Problem I want to solve
I want to be able to send different users to different versions of my Google App Engine application, on a custom domain, with SSL enabled. This needs to be done in a controlled way, i.e., even landing page should be different, and it has to work on multiple units for the user.
Solution I can't get to work
I am trying to setup a custom domain with sub-domains, and want to be able to access different versions of the application. For example, I have myapp.mydomain.com, and I want to run one version (alpha) on alpha.myapp.mydomain.com, and one version (beta) on beta.myapp.mydomain.com (where alpha is default).
I use the Google Developers Console to set up custom domains, using myapp.mydomain.com, and *.myapp.mydomain.com as custom domains.
This works perfectly as long as I don't try to add on SSL as well, i.e., beta.myapp.mydomain.com serves the version named beta. When I set up SSL I start by adding my application to Google Apps, (per https://developers.google.com/appengine/docs/ssl) and then set up my domain to point to my app. First I add myapp.mydomain.com, then alpha.myapp.mydomain.com, and last beta.myapp.mydomain.com.
When that is done beta.myapp.mydomain.com start to serve the default version instead. Except that it sometimes also serves the beta version (this happens one in every 20 tries or so, I assume it's a glitch for now).
My questions:
a) Should I set up my domains in both Google Apps and Google Developer Console? Or should I remove the setup from Google Developer Console? I tried both, seems to give the same results.
b) It seems like it is possible to get it done by using modules as indicated in
Google App Engine custom domains, subdomains and SSL and in Appengine modules dispatch.xml routing with custom domain. Is this the only way, or am I doing something wrong in my setup?
Suggestions I have received so far
One suggestion is to use traffic splitting and set a unique cookie depending on what version I want the user to end up with. I did not know about this, and it will solve some other issues I have been looking at. It does not solve my current problem though, as I need to have this set before log in. The answer is useful though.
I'll answer with what I did to make this work for me.
Instead of sending users to different versions of the app, I created a new module called alpha, and directed users using alpha.myapp.mydomain.com to that module using dispatch.xml.
<dispatch>
<url>*alpha.myapp.mydomain.com/*</url>
<module>alpha</module>
</dispatch>
I set up custom domains in the App Engine Console (https://console.developers.google.com) under Compute->App Engine->Custom Domains, for *.myapp.mydomain.com and alpha.myapp.mydomain.com. I also added the URL alpha.myapp.mydomain.com to the accepted URLs for my App Engine app on Google Apps (https://admin.google.com). This allowed me to run over SSL as well.
I intend to run the app under another domain (domain alias to my primary domain), so I tried that as well. To make this work I ONLY added the domain alias in Google Apps as www.mydomainalias.com and alpha.mydomainalias.com, because if I added it to Google App Engine custom domains I got an error message ("We are unable to process your request at this time. Please try again later. (Error #1000)"). I have no idea why it that did not work out.
The easier approach is to do traffic splitting on a cookie level compared to setting up extra subdomains AND extra SSL certificates.
The domain name to access your alpha version does not have to change using this approach.
from the docs :
The response from your app does not already contain a Set-Cookie:
GOOGAPPUID=... header. This allows your app to control which version a
user gets.

User API for Google App Engine far too restrictive?

Looking at the Google App Engine API, it seems that despite all its great features, the User API is extremely limiting. It seems you can only authenticate people who have a Google account, or use an OpenID account, or via some OAuth kung fu (handshaking with a Facebook account etc).
This appears to be a major stumbling block for anyone who wants a proprietary user base by creating user accounts within the application. In short, I don't want my users to have to use or create a Google account to access my app.
Has anyone else come across this limitation and has it been a deal breaker for using the GAE? Am I missing something? It is possible to deploy my own Spring based security etc within the app and use my own User API? Comments on this issue greatly appreciated. Thanks.
You're free to completely ignore the Users API and implement your own authentication system, as you would in any other hosting environment. Nothing about App Engine prevents you from doing so.
The Users API is just there as a convenience, in case you'd like to spare yourself the effort of re-implementing everything, and spare your users the inconvenience of filling out another sign up form and remembering another set of credentials.
You can always implement your own user management system.
In my application I have used spring-security for this purpose. spring security 3.0.1 works perfectly fine with app engine 1.3.5. There may occur some issues integrating other versions of both. I found below links extremely useful :
http://www.google-app-engine.com/blog/post/Spring-security-fix-for-google-app-engine.aspx.
http://www.dotnetguru2.org/bmarchesson/index.php?p=1100
http://groups.google.com/group/google-appengine-java/browse_thread/thread/964e7f5e42840d9c

Grails App Engine Authentication

How do I setup Account Registration, Login, etc in Grails when developing for the Google App Engine? Normally I would use the Acegi plugin but I've read that it doesn't work with Google App Engine.
For reference, I'm using the Grails app-engine and gorm-jpa plugins.
Google App Engine allows you to manage users through their Google Accounts Java API. The page provides example codes which you can easily implement with Groovy.
Hope it helps.
You should take a look at this patch: http://jira.codehaus.org/browse/GRAILSPLUGINS-1233. I haven't used it yet but might be what you are after.
In my opinion, it is essential to create custom authentication instead of using Google Account API to create any viable application run on GAE.
So, I created my own solution to tackle this problem which you may interested to have a look at URL:
http://grailsfuse.vobject.com/
(You will hit http 500 error for first request, please wait for 30 seconds and refresh)
The missing part is the self-registration page and remember me feature. Please contact us (hyperlink located below the page of URL above) if you are still interested.
Wish to heard from you soon!

How are people using Google App-Engine apps with their own domains?

I've been fooling around with the Google App Engine for a few days and I have a little hobby application that I want to write and deploy.
However I'd like to set it up so that users are not directly accessing the app via appspot.com.
Is hosting it through Google Apps and then pointing it at my own domain the only way to go? I looked at that a little bit and it seemed like a pain to implement but maybe I'm just missing something.
My other thought was to write the app-engine piece as a more generic web-service.
Then I could have the user-facing piece be hosted anywhere, written in any language, and have it query the appspot.com url.
Anyone have any luck with the web-service approach?
The reason Google Apps is required is because you need somewhere to a) verify you own the domain (otherwise, you might point it at app engine, then I might hijack it by adding it to my account) and b) set up domain mappings (which subdomains point to which of your appengine apps).
Since this stuff already exists in Apps, it seems silly to duplicate it in AppEngine.
As has been pointed out, it doesn't cost anything, and you do not need to "move" anything to Google. You simple created a cname record with a random name to verify you own the domain, and a cname for the subdomain you wish to point at App Engine. This only takes a few minutes, and once it's done, it's done forever.
Note: If you host your site elsewhere and use webservices, you need to scale the site/frontend. If you host on app engine, you get this for free :-)
I wrote an article on my blog about redirecting *.appspot.com domains to your custom domain to keep your branding:
http://blog.dantup.com/2009/12/redirecting-requests-from-appid-appspot-com-to-a-custom-domain
To do this, I believe you need to be using Google Apps and have a custom domain setup for Google Apps. Then, you deploy your app into your Google Apps domain.
Here is google's official instructions on how to do that:
http://code.google.com/appengine/docs/domain.html
I have used this process for a couple of sites and it is easy and painless, provided you have control on the DNS records for your domain (you should).
OK, we're now at the end of 2017 and things are a lot different regarding App Engine and custom domains. It's easy now!
Go to the app engine dashboard for your app and choose Settings, then go to the Custom Domains tab. From there, choose Add custom domain.
The tricky part is that Google needs to verify that you control the domain, so they ask you to put a TXT record in the DNS for your domain. Once you do that and Google it, you become "verified" as the owner of the domain.
After that, Google will give you a bunch of A and AAAA (for IP6) records to put in your DNS. Once you've done that, you should be good to go.
It can be easily done using request.getRequestURI() method. If the URL doesn't include your domain, just redirect it to the desired URL using
resp.sendRedirect("<your domain>")
Otherwise load a error page using
request.getRequestDispatcher("<error-page>").forward(request, response);

Resources