Ive spent days searching the web and im drawing a blank -im new to python too! I simply want to integrate RPX (janrain) into Appengine - loads of code for the script inserts and the return of the openid token - that's all great - but other than that no-one seems to take it any further as in actually creating an openid login that works - why? i assume no session management?
Here is a simple class handler that gets the TOKEN for the open id and then makes a fetch to grab the users profile. All very simple using RPX.
simple handler to get the response from RPX
class RPXHandler(webapp.RequestHandler):
def get(self):
token = self.request.get('token')
url = 'https://rpxnow.com/api/v2/auth_info'
args = {
'format': 'json',
'apiKey': '#YOUR KEY#',
'token': token
}
r = urlfetch.fetch(url=url,
payload=u开发者_如何学JAVArllib.urlencode(args),
method=urlfetch.POST,
headers={'Content-Type':'application/x-www-form-urlencoded'}
)
json = simplejson.loads(r.content)
logging.info(json)
if json['stat'] == 'ok':
unique_identifier = json['profile']['identifier']
nickname = json['profile']['preferredUsername']
email = json['profile']['email']
# log the user in using the unique_identifier
# this should your cookies or session you already have implemented
self.redirect('static/loggedin.html')
else:
self.redirect('static/error.html')
Now # here is where the problem starts - ideally we could be lazy and just log them into Google accounts - but their is no method to log a user in ie;
user.login(email)
so that abandons any hope of using google accounts - and to fair if we have open id - why bother!
SO...
What i need is my own user datastore - thats simple - and some means of identifying if the user is logged in - sessions? But in AppEngine their is no support for sessions.
I have found a few class libarys which say they deal with this but it all looks badly documented and without good code examples
Can anyone help?
GAE gives you access to a database, right? Generate a secure token and store it with the user URL returned by RPX in the database. Set the secure token as a cookie so that you get it on every request - look the token up in the database and then do the rest from there.
While I'm worried about performance it actually works pretty well fro me.
there is a GAE recipe that should help
http://appengine-cookbook.appspot.com/recipe/accept-google-aol-yahoo-myspace-facebook-and-openid-logins/
精彩评论