How can I use a combination of Appengine OpenID and facebook OAuth to authenticate with AppEngine?

Appengine supports a federated login in which arbitrary OpenID providers can be added to the list of parties that can authenticate the user. However, some organizations - especially facebook - do not support OpenID. How can I combine OpenID support with GAE with mechanisms that can support OAuth or other login mechanisms?

More details (suppose GAE Python) ...

My understanding of how the OpenID mechanism works is as follows:

  • I choose Federated Login from my application configuration settings.
  • This allows me to easily add OpenID providers through the create_login_url mechanism
  • There is some google session management used to track authenticated users
  • I control access to resources using login: required in my app.yaml
    • Session management verifies that the user is authenticated before allowing access to these resources.

The problem I have is that I don’t see how this approach approaches facebook OAuth - if access to resources is controlled by Google (behind app.yaml), where can I insert facebook authentication?

Notes:

  • I know that OpenID and OAuth are different from each other. I'm interested in using facebook for authentication now.
  • I'm sure there are several different ways to deal with this - I'm just wondering if there is some kind of standard approach / best practice.
+6
2 answers

I have worked a bit on this, and my conclusion is that it is not possible to integrate the standard Appengine authentication mechanisms (i.e. provided “free” with Appengine) using facebook OAuth. More specifically, app.yaml can only apply to standard Google mechanisms, and there is no way to extend them to include facebook OAuth. The reason for this is that standard Google mechanisms control sessions, and there is no mechanism for adding new session controls that are recognized by app.yaml.

Of course, you can integrate Google accounts and other login mechanisms using facebook OAuth on Appengine, but for this you need to replicate some of the features that Google provides in its standard authentication mechanisms (especially session management).

I posed a more general question comparing the various social authentication options available with Appengine, as I find this interesting / useful, but a little out of scope in this question: here

+4
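
The answer above says you have to replicate the session management that the built-in login provides. An added sketch of that piece (not code from the answer or from App Engine): a signed, expiring session cookie plus a per-handler check standing in for `login: required`. The key, the `sid` cookie name, the `/login` route and the dict-based handler signature are assumptions, and the provider's OAuth exchange is assumed to have already verified the user.

```python
import base64, hashlib, hmac, json, time

SECRET_KEY = b"constructed-demo-key"  # assumption: a real app loads this from protected config
SESSION_TTL = 3600                    # assumed session lifetime in seconds

def _sign(payload):
    # HMAC over the encoded payload so the client cannot alter provider, user or expiry
    return hmac.new(SECRET_KEY, payload, hashlib.sha256).hexdigest().encode()

def issue_session(provider, user_id, now=None):
    """Build the cookie value once the provider has authenticated the user."""
    now = int(time.time()) if now is None else int(now)
    body = json.dumps({"p": provider, "u": user_id, "exp": now + SESSION_TTL})
    payload = base64.urlsafe_b64encode(body.encode())
    return payload.decode() + "." + _sign(payload).decode()

def verify_session(cookie, now=None):
    """Return the session dict, or None if missing, malformed, tampered or expired."""
    now = int(time.time()) if now is None else int(now)
    if not cookie or cookie.count(".") != 1:
        return None
    payload, sig = cookie.split(".")
    # Constant-time comparison avoids leaking how much of the signature matched
    if not hmac.compare_digest(_sign(payload.encode()), sig.encode()):
        return None
    try:
        session = json.loads(base64.urlsafe_b64decode(payload.encode()))
    except ValueError:
        return None
    if session.get("exp", 0) <= now:
        return None
    return session

def login_required(handler):
    """Per-handler replacement for `login: required`; `cookies` is a plain dict here."""
    def wrapper(cookies, *args, **kwargs):
        session = verify_session(cookies.get("sid"))
        if session is None:
            return 302, "/login"  # hypothetical login route
        return handler(session, *args, **kwargs)
    return wrapper

@login_required
def profile(session):
    # Same handler serves users from any provider that issued a session
    return 200, "hello %s via %s" % (session["u"], session["p"])
```

In a deployed app the cookie would also be set with the `Secure` and `HttpOnly` attributes, and the routes guarded this way must not also carry `login: required` in app.yaml.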

You can take a look at the Tipfy framework, which has Facebook extension authentication, which will allow your users to use their Facebook login for authentication.

+2

Source: https://habr.com/ru/post/898589/

