Single Sign-On with Google Apps + App Engine

2020-07-02 10:41发布

站内问答 / 前沿技术
698 5 4

Is it possible to achieve SSO with the built-in OpenId on App Engine? I've been trying to integrate a Marketplace app and get the user logged in when coming from Google Apps (the admin panel or universal navigation). I failed miserably, then now I found this:

"The one exception to this is applications which do hybrid OpenID/OAuth — whitelisting does not currently work with this approach." (from here)

I assume that I have to implement OpenId using a library instead of using the built-in one to achieve SSO with Google Apps in my app? Or if it is possible with built-in OpenId, is there an example anywhere that shows how to do this?

5条回答
不美不萌又怎样
2楼-- · 2020-07-02 11:03

Later Google posted an article about how to do it in Python:

http://code.google.com/googleapps/marketplace/tutorial_python_gae.html

The summary is:

  • You must whitelist your "OpenID realm" (the app domain) in the Marketplace manifest XML.
  • The entry point used for the Google's universal navigation must contain the current Google Apps domain.
  • The entry point in your app redirects the user passing the Google Apps domain as federated_identity.

For example:

from google.appengine.api import users

# [...]

login_url = users.create_login_url(dest_url='http://my-app.appspot.com/',
                                   _auth_domain=None,
                                   federated_identity=google_apps_domain_name)
self.redirect(login_url)
查看更多
0人赞 添加讨论(0) 举报
3楼-- · 2020-07-02 11:20

Err, I haven't got the full scoop on this feature, but I do use both JanRain Engage (which Stackoverflow uses) with GAE apps. I think openid4java could do the job as well.

查看更多
0人赞 添加讨论(0) 举报
聊天终结者
4楼-- · 2020-07-02 11:22

Did you already know this link?

UserService userService = UserServiceFactory.getUserService();

if (userService.isUserLoggedIn()) {
  User user = userService.getCurrentUser();
  /* ...Do something with user.getFederatedIdentity(), which is the OpenID URL. */
}
查看更多
0人赞 添加讨论(0) 举报
在下西门庆
5楼-- · 2020-07-02 11:24

you didn't specify which language you are using. if it is java there is google library for openid+oauth.

http://code.google.com/p/step2/

查看更多
0人赞 添加讨论(0) 举报
够拽才男人
6楼-- · 2020-07-02 11:27

This worked for me in Java: 

Set<String> attributesRequest = new HashSet<String>();
String loginRealm = "http://myapp.appspot.com"; //Important that it is exactly the same as in application-manifest.xml, watch out for trailing slashes.
String destinationURL = req.getRequestURI() + "?" + req.getQueryString();
String federatedIdentity = null;
String authDomain = req.getParameter("hd"); //hd is the default parameter name. Contains the google apps domain name of the user logging on. example.com for example.
String loginUrl = userService.createLoginURL(destinationURL, federatedIdentity, authDomain, attributesRequest);

Make sure to include 

<Edition id="free">
    <Name>Cloud App Studio</Name>
    <Extension ref="navLink" />
    <Extension ref="realm" />
</Edition>

in the application-manifest.xml. That is, if it's free. The important part is to include the ref to realm.

查看更多
0人赞 添加讨论(0) 举报
登录 后发表回答
相关问题
查看全部
相关文章
查看全部
收藏的人(4)