问题描述
我最近刚开始使用Google App Engine。我打算使用Flask来为网页和Endpoints API服务,最好是使用Endpoints-Proto-Datastore来处理其他任何事情。
从一开始,GAE上的非Google身份验证机制似乎需要一些工作。我很感激迄今为止发现的任何问题:
自定义身份验证
如果您可以将Open ID提供程序编写为应用程序的一部分,请使用Python-OpenID之类的东西,并在同一工作流程中实现使用者,以使其看起来像常规登录一样。这样它就很好地集成到GAE用户API提供的内容中。
我猜如果这样做是正确的,users.get_current_user()将工作得很好。
如果您想跳过编写自己的OpenID提供程序和而是使用Flask-Login与NDB集成来编写一个电子邮件/密码认证系统,这应该也可以。但是,中的一些令人费解的信息说我可以实例化像这样的用户对象:
user = users.User([email protected]) user.put()方法)a users.get_current_user ()仍然返回无。那么构建用户对象的用法是什么呢?
端点授权
关于在方法装饰器中包含用于端点 - 原始 - 数据存储滚动API的用户= OAuth似乎马上就能工作 - 在API Explorer中测试它时所要做的所有事情就是打开OAuth 2.0开关并选择一个有效的Oauth 2.0范围。那么这是否意味着如果我们实现了一个与用户API正确集成的OpenID提供者,那么仅仅使用Endpoints API的OAuth魔力是不够的?
这里同样,构建用户对象似乎无助于满足认证要求。
自定义身份验证/另一个OpenID实现如何与Endpoint API身份验证/授权一起使用?
我不想使用oAuth,而是使用user / token的简单形式的身份验证。 b
因此,我所做的是创建一个映射到/ _ah / spi / *的自定义ServletFilter,并从那里拦截HTTPServletRequest中的登录信息(如果它是Endpoint-API-Request)。 >
到目前为止工作似乎有效,但我不确定这是否应该走。但是,由于我没有发现任何非oAuth-Auth的例子,所以这是我最好的选择。
想要从@bossylobster或@ Dan Holevoet。
I recently got started with Google App Engine. I intend to use Flask to serve web pages and the Endpoints API, preferably with the Endpoints-Proto-Datastore for everything else.
From the beginning, non-Google Authentication mechanisms on GAE seem like they need some work. I'd appreciate any light shed on issues I've found so far:
Custom Authentication
If you can write an Open ID provider as part of the app, use something like Python-OpenID and also implement a consumer in the same workflow so it appears like regular login. This way it integrates nicely into what the GAE Users API provides.I'm guessing if this is done right, users.get_current_user() will work just fine.
If you want to skip writing your own OpenID provider and instead write an email/password auth system using Flask-Login integrating with NDB, that should be alright too. However, one puzzling bit of info in the GAE documentation says I can instantiate a user object like so:
user = users.User("[email protected]")
However, (there is no user.put() method here) a users.get_current_user() still returns None. So what would the use of constructing the user object ever be?
Endpoints Authorization
On including a user=required in the method decorator for an Endpoint-Proto-Datastore rolled API, OAuth seems to work right away - all you have to do while testing it in the APIs explorer is to turn on the OAuth 2.0 switch and pick a valid Oauth 2.0 Scope. So does that mean that if we implement a OpenID provider that integrates with the Users API correctly, it won't be sufficient to use the OAuth magic of Endpoints API?
Here too, it seems like constructing a user object will not help satisfy the authentication requirement.
How would custom authentication / another OpenID implementation work with Endpoint API authentication/authorization?
I wanted to not use oAuth, but a simpler form of Authentication with user/token.
So what I've done is create a custom ServletFilter that maps to /_ah/spi/* and intercepts login information from the HTTPServletRequest there, if it is an Endpoint-API-Request.
Seems to work thus far, but am not really sure if that is the way to go. But as I've found no examples for non-oAuth-Auth anywhere, that's currently my best shot.
Would love to get some best practice hints from @bossylobster or @Dan Holevoet.
这篇关于Google App Engine:使用自定义身份验证或Open ID时的端点身份验证的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!