views:

503

answers:

3

I am building a web application on Google App Engine that requires users to register with the application and subsequently authenticate with it and maintain sessions. I don't want to force users to have Google accounts. Also, the target audience for the application is the average non-geek, so I'm not very keen on using OpenID or OAuth. I need something simple like: User registers with an e-mail and password, and then can log back in with those credentials. I understand that this approach does not provide the security benefits of Google or OpenID authentication, but I am prepared to trade foolproof security for end-user convenience and hassle-free experience.

I explored Django, but decided that consecutive deprecations from appengine-helper to app-engine-patch to django-nonrel may signal that path may be a bit risky in the long-term. I'd like to use a code base that is likely to be maintained consistently. I also explored standalone session/auth packages like gaeutilities and suas. GAEUtilities looked a bit immature (e.g., the code wasn't pythonic in places, in my opinion) and SUAS did not give me a lot of comfort with the cookie-only sessions. I could be wrong with my assessment of these two, so I would appreciate input on those (or others that may serve my objective).

Finally, I recently came across tipfy. It appears to be based on Werkzeug and Alex Martelli spoke highly of it here on stackoverflow. I have two primary questions related to tipfy:

  1. As a framework, is it as mature as webapp? Is it stable and likely to be maintained for some time?
  2. Since my primary interest is the auth/session components, can those components of the tipfy framework be used with webapp, independent of the broader tipfy framework? If yes, I would appreciate a few pointers to how I could go about doing that.
+1  A: 
  1. tipfy seems to have launched around Nov 09 (from author rodrigo.moraes), webapp Feb 09 (according to Google Code commits). So not what I'd call mature but looking promising.
  2. Yes. You can dip in and out of tipfy (a fairly small distro) and also use webapp directly. There is a tipfy tutorial for basic Google Auth and 'own'auth which I'm building around. Oauth and openid support is apparently there but no tutorial as yet.

http://www.tipfy.org/wiki/tutorials/auth/

Of note, apparently tipfy can be used off GAE as well although that's not the developers' focus.

michela
+1  A: 

tipfy itself may not be old, but it uses some of the most mature (jinja , mako and werkzeug ) components. its just a good wrapper. and does it jobs.

it is very comparable to webapp ( and even better...).

you might also want to look for kay framework.

iamgopal
+1  A: 

Q 1) Is it stable?

Yes, the core is 100% tested and stable

Q2) Can auth/session components of tipfy be used with webapp?

probably but with great difficulty..

PedroMorgan