google-app-engine-django: authentication without Google accounts?

views:

520

answers:

+1 Q:

google-app-engine-django: authentication without Google accounts?

google-app-engine-django/ claims to have an "App Engine compatible implementation of the Django authentication framework". Does this authentication work only with Google Accounts? Is it possible to register a user with a username/password and authenticate him/her with that username/password without that user having a Google account?

I would appreciate any pointers to how this could be done with google-app-engine-django without Google Accounts authentication.

+1 A:

Google Account authentication is simply an API provided by App Engine - there's nothing forcing you to use it. As a result, all of Django's facilities except its models (which rely on a relational DB) are available in the helper. However, as far as I'm aware, the helper is deprecated and no longer supported. More recent is app-engine-patch, but even that is deprecated in favor of the new django-nonrel.

Nick Johnson 2010-04-26 09:05:07

Nick - Thanks very much for your very informative response. After seeing the helper deprecated into app-engine-patch, deprecated again in favor of django-nonrel, I got cold feet about Django on GAE, as much as I like Django.I am warming up to GAE's own webapp framework; however, that still leaves the non-Google user registration/authentication/session issue open for me. Would you recommend tipfy as a framework for this? Alternatively, is there a standalone package that can handle this? If not, would it be possible to use relevant parts of the tipfy framework with webapp?

cv12 2010-05-01 04:25:17

I haven't used tipfy, so I can't really recommend it. For your immediate needs, there's my own package, aeoid (http://github.com/arachnid/aeoid) - or, you can wait a bit, as openid and oauth support are on the roadmap.

Nick Johnson 2010-05-01 08:15:18

Nick - Once again, thanks for your answer. My target audience is pretty non-geek, so OpenID and OAuth are not ideal. I asked another question on stackoverflow to explore this a bit more. In short, the use case I have in mind is (1) user registers with e-mail and password (2) user can authenticate with those credentials and the application can maintain a session for the user. So, in short, what I am looking for is a package that allows basic authentication and sessions. I'm surprised GAE does not support this common pattern, but I suspect it has to do with security issues.

cv12 2010-05-01 19:11:25

OpenID doesn't need to be hard for users - check out things like ClickPass, which allow users to simply click on a service they already have. There's certainly no security reason not to have a session library - but there are plenty of third-party ones, such as Django's, already.

Nick Johnson 2010-05-01 20:42:32

+1 A:

The helper only works with google accounts out of the box. They did not fully implement the django.contrib.auth.models.User object, they only implemented what they needed to link it to a google account.

If you want to use the helper, you need to make some changes to the User implementation to fully implement the interface and you'll probably need to modify the middleware for authentication, etc, and change the appengine_django.auth.models.User object so the user = db.UserProperty is no longer required.

dar 2010-04-27 13:10:52

dar - Thanks for the answer. The solution you are suggesting sounds like it is out of my reach. Do you know if anyone has done what you are suggesting?

cv12 2010-05-01 19:17:34

I do not know of any helper forks that have done so.

dar 2010-05-01 23:24:48

ansaurus

tags:

views:

answers:

google-app-engine-django: authentication without Google accounts?

related questions