How can I log in to an arbitrary user system in appengine for use with a storage SDK?

I have an application that must log into a special disk account and automatically perform file operations using the cron job. I initially tried to use the domain administrator login to do this, however I cannot do any testing with the domain administrator, as it seems that you cannot use the test server with the domain administrator account, which makes testing my application somewhat impossible.

As such, I started looking at storing oauth tokens, especially update tokens, to automatically log into this account after the initial setup. However, all of the APIs and documentation assume that several individual users are logged in manually, and I cannot find functionality in the oauth APIs that allows login to anything other than the current user.

How can I achieve this to test my code on a test domain? Can I do this without writing my own oauth library and doing oauth requests manually? Or is there a way to get domain administrator authorization to work on a local test server?

+4
2 answers

You can upload the credentials for a single account in the data warehouse using the Remote API, which can be included in your app.yaml file:

    builtins:
    - remote_api: on

Performing

 remote_api_shell.py -s your_app_id.appspot.com 

from the command line you will have access to a shell that can be run in your application environment. Before doing this, make sure your application is deployed (more about local development below) and make sure that the source for google-api-python-client is enabled by pip installing it and running enable-app-engine-project /path/to/project to add it to your App Engine project.

Once you get to the remote shell (after executing the remote command above), follow these steps:

    from oauth2client.appengine import CredentialsModel
    from oauth2client.appengine import StorageByKeyName
    from oauth2client.client import OAuth2WebServerFlow
    from oauth2client.tools import run

    KEY_NAME = 'your_choice_here'
    CREDENTIALS_PROPERTY_NAME = 'credentials'
    SCOPE = 'https://www.googleapis.com/auth/drive'

    # Datastore-backed storage: one CredentialsModel entity saved under KEY_NAME
    storage = StorageByKeyName(CredentialsModel, KEY_NAME, CREDENTIALS_PROPERTY_NAME)
    # YOUR_CLIENT_ID and YOUR_CLIENT_SECRET are placeholders for your OAuth client's values
    flow = OAuth2WebServerFlow(
        client_id=YOUR_CLIENT_ID,
        client_secret=YOUR_CLIENT_SECRET,
        scope=SCOPE)
    # Opens the browser for consent and saves the resulting credentials in storage
    run(flow, storage)

NOTE: If you did not deploy the application with the google-api-python-client code, this will not succeed, since your application will not know how to make the same imports that you did on your local computer, for example from oauth2client.appengine import CredentialsModel.

When run is called, your web browser will open and prompt you to accept OAuth access for the client you specified with CLIENT_ID and CLIENT_SECRET, and upon successful completion, it will save the CredentialsModel instance in the repository of your_app_id.appspot.com deployed application and it will save it using KEY_NAME provided by you.

After that, any caller in your application, including your cron jobs, can access these credentials by doing

    storage = StorageByKeyName(CredentialsModel, KEY_NAME, CREDENTIALS_PROPERTY_NAME)
    credentials = storage.get()

Local development:

If you want to test this locally, you can run the application locally via dev_appserver.py --port=PORT /path/to/project

and you can execute the same commands using the remote API shell and specify it in your local application:

 remote_api_shell.py -s localhost:PORT 

Once you are here, you can execute the same code that you did in the remote api shell, and in the same way, an instance of CredentialsModel will be stored in the data store of the local development server.

As stated above, if you do not have the correct google-api-python-client modules, this will not work.

EDIT: This answer used to recommend using the interactive console at:

 http://localhost:PORT/_ah/admin/interactive 

but it was discovered that this did not work because socket did not work properly in the App Engine developer sandbox.

+5
source
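An added example (not part of the answer above and not oauth2client code): a stand-alone model of what a cron job relies on once credentials are stored under KEY_NAME, namely refreshing the access token from the stored refresh token, writing the result back, and failing fast once the grant has been revoked. The dict `store`, the `token_endpoint` callable and the key name `drive-robot` are hypothetical stand-ins for the datastore, the provider's token endpoint and your KEY_NAME.

```python
import time


class RefreshRevoked(Exception):
    """The token endpoint rejected the stored refresh token."""


def get_usable_credential(store, key_name, token_endpoint, now=None, skew=60):
    """Return a credential dict with a live access token for a cron job.

    store          -- dict standing in for the datastore (assumption)
    token_endpoint -- callable(refresh_token) -> dict, stand-in for the
                      provider's token endpoint (assumption)
    """
    now = time.time() if now is None else now
    cred = store.get(key_name)
    if cred is None:
        raise LookupError("no credential under %r: run the consent flow once" % key_name)
    if cred.get("invalid"):
        raise RefreshRevoked("credential marked invalid: consent must be repeated")
    if cred["expires_at"] - skew > now:
        return cred  # access token still valid, no network call needed
    reply = token_endpoint(cred["refresh_token"])
    if "error" in reply:
        # Persist the failure so later cron runs fail fast instead of retrying.
        store[key_name] = dict(cred, access_token=None, invalid=True)
        raise RefreshRevoked(reply["error"])
    # A refresh reply normally omits refresh_token, so keep the stored one.
    renewed = dict(cred,
                   access_token=reply["access_token"],
                   expires_at=now + reply["expires_in"],
                   refresh_token=reply.get("refresh_token", cred["refresh_token"]))
    store[key_name] = renewed  # write back so the next run reuses the new token
    return renewed


def demo():
    # Constructed sample data: what the one-time consent would have stored.
    store = {"drive-robot": {"access_token": "at-0", "refresh_token": "rt-0",
                             "expires_at": 1000, "invalid": False}}
    calls = []

    def endpoint(refresh_token):
        calls.append(refresh_token)
        return {"access_token": "at-%d" % len(calls), "expires_in": 3600}

    first = get_usable_credential(store, "drive-robot", endpoint, now=2000)
    second = get_usable_credential(store, "drive-robot", endpoint, now=2500)
    return first, second, calls
```

The stored refresh token is the long-lived secret here, so whatever holds it needs the same access restrictions as a password.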

This article explains how to interact with Google Drive on behalf of users in your domain using Domain Admin to delegate domain authority at the service account level.

This article explains how to interact with Drive belonging to your application using the Service Account.

Please note that both methods use JWT-based service accounts, which currently need a modified version of google-api-python-client to work with App Engine.

Unlike the Google App Engine Service account, JWT-based service accounts must work with the development server.

+3
source

Source: https://habr.com/ru/post/1446584/

