I would like to roll my own login system for my Python Google App Engine application (rather than using Google's Users API).
I am using webapp2, and I noticed that there is a webapp2_extras.auth module and an incomplete auth tutorial.
Does anyone know how I can use this API to create:
- User Registration (take an email and password, and perhaps verify email)
- User Login with email and password
Once I have the email and password, where do I store it? In the AuthStore?
And how do I authenticate against the AuthStore?
How and where you store user credentials and information is entirely up to you; the webapp2 module you reference merely provides an interface you must conform to if you want to use its features. An obvious (perhaps the only sensible) choice would be the datastore.
I'd strongly, strongly recommend using the built-in OpenID support instead of rolling your own, though. By doing so, you're forcing users to create yet another username and password, and you're taking on a whole set of password storage and security hassles for yourself.
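An added example (not part of the original answer, and not webapp2's own code) of the password storage work the answer refers to: registration stores a per-user salt and a PBKDF2 hash instead of the password, and login recomputes and compares in constant time. Assumptions: the `USERS` dict stands in for the datastore, the function names are hypothetical, and the iteration count is a sample value.

```python
import hashlib
import hmac
import os

# Assumption: sample work factor; tune it for your own hardware.
ITERATIONS = 200000
# Assumption: in-memory stand-in for the datastore.
# Maps normalized email -> {"salt": bytes, "hash": bytes}
USERS = {}


def derive(password, salt):
    """Derive a slow, salted hash so the raw password is never stored."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def normalize(email):
    """Treat 'Alice@Example.com ' and 'alice@example.com' as one account."""
    return email.strip().lower()


def register(email, password):
    """Create an account; return False if the email is already taken."""
    key = normalize(email)
    if key in USERS:
        return False
    salt = os.urandom(16)  # unique per user, so equal passwords hash differently
    USERS[key] = {"salt": salt, "hash": derive(password, salt)}
    return True


# Dummy record so a login for an unknown email costs the same work as a
# known one and does not reveal which emails are registered through timing.
DUMMY_SALT = os.urandom(16)
DUMMY_HASH = derive("placeholder", DUMMY_SALT)


def authenticate(email, password):
    """Return True only when the email exists and the password matches."""
    record = USERS.get(normalize(email))
    salt = record["salt"] if record else DUMMY_SALT
    expected = record["hash"] if record else DUMMY_HASH
    candidate = derive(password, salt)
    # Constant-time comparison avoids leaking how many bytes matched.
    matches = hmac.compare_digest(candidate, expected)
    return record is not None and matches
```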
New answer to an old question: Anyone looking to add their own authentication and login to webapp2 on Google App Engine should consider Google App Engine Boilerplate.
Signup, login, logout, password reset, federated login (Google, Twitter, Facebook, etc.), user profiles, etc. are implemented.
Technologies leveraged include Python 2.7, NDB, Jinja2, WTForms, unittest, webtest, pyquery, OpenID (Google App Engine), and OAuth2 (for federated login providers that do not support OpenID).
Online demo is here.