Is there a framework to aid in the authentication process when using Google Appengine?

1

I do not want to use sessions in the application. Would Spring Security be the only option? In this case it would be a SPA application.

    
asked by anonymous 20.06.2016 / 03:37

1 answer

3

I do not advise using Spring Security; in itself it is very good. It is widely used, and all problems are solved with high priority. However, as with most technologies, if you use it improperly, your application will not be secure.

Yes, it is possible to use other authentication processes when talking about authentication with Google App Engine.

Various ways

According to Google's own documentation, there are several means, some of them are:

Google Identity Toolkit

Provides various user authentication options including Google, Facebook, Yahoo, Microsoft, Paypal, and AOL. It also supports the largest number of users while retaining the least amount of code.

Google Sign-In

Google login offering Gmail and Google Apps accounts, together with support for one-time passwords (OTP). It is the easiest method to support Google-only accounts, or to support Google accounts in an existing login system.

OAuth 2.0 and OpenID Connect

OpenID Connect allows you to manipulate and use authentication tokens with more customization.

Users API

Uses the built-in App Engine Users API service to authenticate Google and Google Apps accounts.

Code examples

Code from Google's documentation that exemplifies security and authentication through Google App Engine (a web.xml fragment):

    <security-constraint>
        <web-resource-collection>
            <web-resource-name>profile</web-resource-name>
            <url-pattern>/profile/*</url-pattern>
        </web-resource-collection>
        <auth-constraint>
            <role-name>*</role-name>
        </auth-constraint>
    </security-constraint>

    <security-constraint>
        <web-resource-collection>
            <web-resource-name>admin</web-resource-name>
            <url-pattern>/admin/*</url-pattern>
        </web-resource-collection>
        <auth-constraint>
            <role-name>admin</role-name>
        </auth-constraint>
    </security-constraint>


Note: Google Apps domain administrators and App Engine domain administrators are not included in the admin role in this context. Only application developers, i.e. those in the Viewer/Owner/Developer role, can access these parts of the application.


Security restrictions apply to static files as well as servlets.

To learn more, take a look at their documentation here.

Users API:

Adding a new context:

// Build an App Engine context from the incoming request.
c := appengine.NewContext(r)

Getting the current user:

// user.Current returns nil when nobody is signed in.
if u := user.Current(c); u != nil {
        g.Author = u.String()
}

// Store the greeting in the datastore and send the browser back to "/".
key := datastore.NewIncompleteKey(c, "Greeting", guestbookKey(c))
_, err := datastore.Put(c, key, &g)
if err != nil {
        http.Error(w, err.Error(), http.StatusInternalServerError)
        return
}
http.Redirect(w, r, "/", http.StatusFound)


Note that if the user is not logged in, an HTTP status code of 302 redirects the browser to the Google account login screen.

OAuth 2.0 and OpenID Connect:

  // Create a state token to prevent request forgery.
  // Store it in the session for later validation.
  $state = sha1(openssl_random_pseudo_bytes(1024));
  $app['session']->set('state', $state);
  // Set the client ID, token state, and application name in the HTML while
  // serving it.
  return $app['twig']->render('index.html', array(
      'CLIENT_ID' => CLIENT_ID,
      'STATE' => $state,
      'APPLICATION_NAME' => APPLICATION_NAME
  ));

In the code above I'm creating a unique session token. And the code below sends an authentication request to Google.

https://accounts.google.com/o/oauth2/v2/auth?
 client_id=424911365001.apps.googleusercontent.com&
 response_type=code&
 scope=openid%20email&
 redirect_uri=https://oauth2-login-demo.example.com/code&
 state=security_token%3D138r5719ru3e1%26url%3Dhttps://oauth2-login-demo.example.com/myHome&
 login_hint=jsmith@example.com&
 openid.realm=example.com&
 hd=example.com

The token request ends up looking like this in your final code:

POST /oauth2/v4/token HTTP/1.1
Host: www.googleapis.com
Content-Type: application/x-www-form-urlencoded

code=4/P7q7W91a-oMsCeLvIaQm6bTrgtp7&
client_id=8819981768.apps.googleusercontent.com&
client_secret={client_secret}&
redirect_uri=https://oauth2-login-demo.example.com/code&
grant_type=authorization_code

Search for and learn more about these technologies

Both of the technologies mentioned above work to authenticate with Google App Engine. What I can suggest is that you search more about these frameworks to understand better what each one can offer you. Below are Google's own official articles so you can take a closer look at each one.

link

link

link

link

link

    
20.06.2016 / 16:41
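The OAuth 2.0 / OpenID Connect pieces of the answer above (state token, authorization request, redirect callback, ID token checks) in Go, as an added example that is not part of the question, the answer, or Google's documentation. It reuses the client_id and redirect_uri from the answer's sample URL, feeds itself a constructed callback query instead of a real redirect from Google, and assumes the ID token it checks came straight from the token endpoint over TLS, so it validates the claims only and does not verify the RS256 signature. The function and type names are this example's own.

```go
package main

import (
	"crypto/rand"
	"crypto/subtle"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"net/url"
	"strings"
	"time"
)

// NewState returns a random URL-safe state token; the backend stores it (session or
// signed cookie) and compares it with the value Google echoes back on the redirect URI.
func NewState() (string, error) {
	b := make([]byte, 32) // 256 bits straight from crypto/rand; no SHA-1 step needed
	if _, err := rand.Read(b); err != nil {
		return "", err
	}
	return base64.RawURLEncoding.EncodeToString(b), nil
}

// AuthURL builds the authorization request quoted in the answer; url.Values takes
// care of percent-encoding scope, redirect_uri and state.
func AuthURL(clientID, redirectURI, state, hd string) string {
	q := url.Values{}
	q.Set("client_id", clientID)
	q.Set("response_type", "code")
	q.Set("scope", "openid email")
	q.Set("redirect_uri", redirectURI)
	q.Set("state", state)
	if hd != "" {
		q.Set("hd", hd) // only a login-page hint; the hd claim is re-checked in the ID token
	}
	return "https://accounts.google.com/o/oauth2/v2/auth?" + q.Encode()
}

// ParseCallback compares the echoed state in constant time (the check behind the
// "prevent request forgery" comment in the PHP sample) and returns the code.
func ParseCallback(rawQuery, expectedState string) (string, error) {
	q, err := url.ParseQuery(rawQuery)
	if err != nil {
		return "", err
	}
	got := q.Get("state")
	if got == "" || subtle.ConstantTimeCompare([]byte(got), []byte(expectedState)) != 1 {
		return "", errors.New("state mismatch: possible request forgery")
	}
	if q.Get("code") == "" {
		return "", errors.New("missing authorization code")
	}
	return q.Get("code"), nil
}

// IDTokenClaims holds the ID token claims a relying party must check.
type IDTokenClaims struct {
	Iss           string `json:"iss"`
	Aud           string `json:"aud"`
	Email         string `json:"email"`
	EmailVerified bool   `json:"email_verified"`
	Hd            string `json:"hd,omitempty"`
	Exp           int64  `json:"exp"`
}

// VerifyIDToken decodes the JWT payload and checks issuer, audience, expiry and,
// when sign-in is restricted to one domain, a verified email in that hd. It does
// not verify the RS256 signature: that is acceptable only for a token received
// straight from the token endpoint over TLS, never for one handed over by a browser.
func VerifyIDToken(idToken, clientID, hd string, now time.Time) (IDTokenClaims, error) {
	var c IDTokenClaims
	parts := strings.Split(idToken, ".")
	if len(parts) != 3 {
		return c, errors.New("malformed JWT")
	}
	payload, err := base64.RawURLEncoding.DecodeString(parts[1])
	if err != nil {
		return c, err
	}
	if err := json.Unmarshal(payload, &c); err != nil {
		return c, err
	}
	switch {
	case c.Iss != "https://accounts.google.com" && c.Iss != "accounts.google.com":
		return c, fmt.Errorf("unexpected issuer %q", c.Iss)
	case c.Aud != clientID:
		return c, errors.New("ID token was issued to a different client_id")
	case now.Unix() >= c.Exp:
		return c, errors.New("ID token has expired")
	case hd != "" && (c.Hd != hd || !c.EmailVerified):
		return c, fmt.Errorf("account is not a verified member of %s", hd)
	}
	return c, nil
}

func main() {
	state, _ := NewState()
	fmt.Println(AuthURL("424911365001.apps.googleusercontent.com", "https://oauth2-login-demo.example.com/code", state, "example.com"))
	fmt.Println(ParseCallback("state="+url.QueryEscape(state)+"&code=4%2Fconstructed", state)) // constructed callback, not from Google
}
```

Two points this makes concrete for the session-less SPA case in the question: the state value still has to live somewhere the backend controls between the two requests (a signed, short-lived cookie works where a server session is not wanted), and the hd parameter in the authorization URL only pre-selects the domain on Google's login page, so a backend that restricts sign-in to one Google Apps domain must check the hd claim in the returned ID token, as VerifyIDToken does. The client_secret in the answer's token request belongs on that backend, never in the SPA's JavaScript.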