EngineAuth is a standardized approach to third party authentication / authorization, designed to be as simple as possible, both for the developer and the end user.
Warning
EngineAuth is in the very early stages of development and the API is likely to change frequently and in non-backwards-compatible ways. Please provide any issues, suggestions, or general feedback through the Issue Tracker, or in the comments section of this documentation.
EngineAuth Example - Example site
Note
If you are unable to view the above image, please log in to your Google Docs account, or log out of Google altogether. There’s currently a Google Docs bug that requires a user to be signed in to Google Docs to view public content.
New strategies will be written as needed. If there’s a particular strategy that you’re interested in, please create a new issue using the strategy request label.
If the provider that you need isn’t provided, not to worry: adding additional providers is simple, and in many cases only requires a few lines of code.
Copy the engineauth directory and the contents of the lib directory to your project’s root directory.
In your appengine_config.py add:
def webapp_add_wsgi_middleware(app):
    # Wrap the WSGI application with EngineAuth's middleware
    from engineauth import middleware
    return middleware.AuthMiddleware(app)

engineauth = {
    'secret_key': 'CHANGE_TO_A_SECRET_KEY',
    'user_model': 'engineauth.models.User',
}
engineauth['provider.auth'] = {
    'user_model': 'engineauth.models.User',
    'session_backend': 'datastore',
}
# Facebook Authentication
engineauth['provider.facebook'] = {
    'client_id': 'CHANGE_TO_FACEBOOK_APP_ID',
    'client_secret': 'CHANGE_TO_FACEBOOK_CLIENT_SECRET',
    'scope': 'email',
}
# Google Plus Authentication
engineauth['provider.google'] = {
    'client_id': 'CHANGE_TO_GOOGLE_CLIENT_ID',
    'client_secret': 'CHANGE_TO_GOOGLE_CLIENT_SECRET',
    'api_key': 'CHANGE_TO_GOOGLE_API_KEY',
    'scope': 'https://www.googleapis.com/auth/plus.me',
}
# Twitter Authentication
engineauth['provider.twitter'] = {
    'client_id': 'CHANGE_TO_TWITTER_CONSUMER_KEY',
    'client_secret': 'CHANGE_TO_TWITTER_CONSUMER_SECRET',
}
Note
Zuckerberg won’t allow you to specify multiple callback domains for a single application. So for development you must create a separate application. Then, in your appengine_config.py you can specify which config will be loaded at runtime.
import os

# True when running on the local development server
ON_DEV = os.environ.get('SERVER_SOFTWARE', '').startswith('Dev')
if ON_DEV:
    # Facebook settings for Development
    FACEBOOK_APP_KEY = 'DEVELOPMENT_APP_KEY'
    FACEBOOK_APP_SECRET = 'DEVELOPMENT_APP_SECRET'
else:
    # Facebook settings for Production
    FACEBOOK_APP_KEY = 'PRODUCTION_APP_KEY'
    FACEBOOK_APP_SECRET = 'PRODUCTION_APP_SECRET'
engineauth['provider.facebook'] = {
    'client_id': FACEBOOK_APP_KEY,
    'client_secret': FACEBOOK_APP_SECRET,
    'scope': 'email',
}
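A check for the configuration above, as an added example that is not part of EngineAuth: it reports placeholder values that were never replaced and secrets that are empty or too short. The function name audit_engineauth_config, the MIN_LEN thresholds and the sample values are assumptions made for this example.

```python
import re

# Placeholder spellings used by the sample configuration on this page.
PLACEHOLDER = re.compile(r'^(CHA(NG|GN)E_TO_|(DEVELOPMENT|PRODUCTION)_APP_)')
# Assumption: minimum acceptable length per secret field (not an EngineAuth rule).
MIN_LEN = {'secret_key': 32, 'client_secret': 1, 'api_key': 1}


def audit_engineauth_config(config):
    """Return sorted (section, field, problem) tuples; an empty list means clean."""
    # Top-level scalars form the 'engineauth' section; nested dicts such as
    # 'provider.facebook' are sections of their own.
    sections = {'engineauth': {k: v for k, v in config.items()
                               if not isinstance(v, dict)}}
    sections.update({k: v for k, v in config.items() if isinstance(v, dict)})
    findings = []
    if 'secret_key' not in config:
        findings.append(('engineauth', 'secret_key', 'missing or too short'))
    for section, settings in sections.items():
        for field, value in settings.items():
            if not isinstance(value, str):
                continue
            if PLACEHOLDER.match(value):
                findings.append((section, field, 'placeholder not replaced'))
            elif len(value) < MIN_LEN.get(field, 0):
                findings.append((section, field, 'missing or too short'))
    return sorted(findings)


# Constructed sample: every value below is made up for this example.
SAMPLE = {
    'secret_key': 'CHANGE_TO_A_SECRET_KEY',
    'user_model': 'engineauth.models.User',
    'provider.facebook': {'client_id': '1234567890', 'client_secret': '',
                          'scope': 'email'},
    'provider.twitter': {'client_id': 'CHAGNE_TO_TWITTER_CONSUMER_KEY',
                         'client_secret': 'constructed-value'},
}

if __name__ == '__main__':
    for finding in audit_engineauth_config(SAMPLE):
        print('%s.%s: %s' % finding)
```

In appengine_config.py the result could be checked when ON_DEV is false, so that a deployment with leftover placeholders fails at import time.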
When beginning any new web application that involves users, you’ve probably asked yourself:
Which brings us to:
Note
Objective #1
Provide a clear path for Authentication / Authorization, that is secure, simple to use, and allows users to share their information, effortlessly.
And from a development standpoint you’ve probably asked:
Which brings us to:
Note
Objective #2
The solution should be easy to implement, and easy to extend and share.
EngineAuth brings together ideas and code from many projects:
EngineAuth is licensed under the Apache License 2.0.