All geek questions in one place

Go to client to access applications requiring GAE login

I wanted to authenticate myself (Google account) with the golang client with secure applications in the Google App Engine, where login: required or login: admin is specified in app.yaml.

At first I wrote a simple standalone OAuth2 client, but it didn’t work at all - the server simply redirects clients to the login page of the Google account. I tried with various areas of the Google APIs and currently have no luck.

 package main import ( "context" "fmt" "io" "log" "os" "golang.org/x/oauth2" "golang.org/x/oauth2/google" ) const ( AppURL = "https://login-requried-app.appspot.com" AuthClientID = "....." AuthClientSecret = "....." AuthRedirectURL = "urn:ietf:wg:oauth:2.0:oob" AuthScope = "https://www.googleapis.com/auth/cloud-platform" ) func main() { ctx := context.Background() conf := &oauth2.Config{ ClientID: AuthClientID, ClientSecret: AuthClientSecret, Endpoint: google.Endpoint, RedirectURL: AuthRedirectURL, Scopes: []string{AuthScope}, } url := conf.AuthCodeURL("state", oauth2.AccessTypeOffline) fmt.Printf("Visit the URL for the auth dialog: %v\n", url) fmt.Printf("Enter authentication code: ") var code string if _, err := fmt.Scan(&code); err != nil { log.Fatal(err) } tok, err := conf.Exchange(ctx, code) if err != nil { log.Fatal(err) } client := conf.Client(ctx, tok) res, err := client.Get(AppURL) if err != nil { log.Fatal(err) } defer res.Body.Close() log.Println(res.Status) io.Copy(os.Stdout, res.Body) }

I am looking for information on the GAE user authentication modes used in such applications for writing a client without a web browser. I feel that this is something other than standard OAuth2 authentication / authorization after reading documents and App Engine user APIs that receive user information through HTTP headers such as X-AppEngine-User-Email .

UPDATE:. After some research, it looks like the GAE interface uses a SACSID cookie to track authenticated sessions, which is not related to the OAuth2 standard. Indeed, as stated in the user API :

Please note that using OAuth to identify your users is completely orthogonal to standard user authentication modes. For example, pages marked with login: required or login: admin will refuse to load if the user only authenticates through OAuth.

Is there a supported way for a CLI application to obtain the SACSID duly authorized with user consent?

Related questions:

+5
source share
1 answer

Given the situation you explain here, I suggest using a remote API . This way you can access App Engine services from your Go app.

First you must configure your app.yaml file by adding the following:

 - url: /_ah/remote_api script: _go_app

You also need to add the following import to the source .go file:

 import _ "google.golang.org/appengine/remote_api"

When this is done, deploy the updated application to App Engine:

 gcloud app deploy app.yaml

The website I cited here gives an example of using the remote API. You can try and adapt your code if this works for you.

+1
source

Source: https://habr.com/ru/post/1275253/

More articles:


All Articles