I'm working on a python GAE app for a web site and I'm trying to get federated login going on it.
According to the Identity Platform choosing guide the best solution for a web site appears to be the Google Identity Toolkit (web). Went through all the related docs I could find then moved on to the tutorials, where I hit a bump - installing the identity-toolkit-python-client
package failed with C compilation errors related to a cffi library, similar to this one:
# python -m pip install identity-toolkit-python-client
...
gcc -pthread -fno-strict-aliasing -fmessage-length=0 -grecord-gcc-switches -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector -funwind-tables -fasynchronous-unwind-tables -g -DNDEBUG -fmessage-length=0 -grecord-gcc-switches -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector -funwind-tables -fasynchronous-unwind-tables -g -DOPENSSL_LOAD_CONF -fPIC -I/usr/include/python2.7 -c src/cryptography/hazmat/bindings/__pycache__/_Cryptography_cffi_a269d620xd5c405b7.c -o build/temp.linux-x86_64-2.7/src/cryptography/hazmat/bindings/__pycache__/_Cryptography_cffi_a269d620xd5c405b7.o
src/cryptography/hazmat/bindings/__pycache__/_Cryptography_cffi_a269d620xd5c405b7.c:2:20: fatal error: Python.h: No such file or directory
#include <Python.h>
^
compilation terminated.
error: command 'gcc' failed with exit status 1
I managed to eventually install the package correctly after installing some specific packages for my linux distribution, but these failures lead to my actual question (the tutorials are pretty generic, I couldn't spot any hint about GAE restrictions).
From the GAE python sandbox documentation only pure python code is supposed to be present in GAE apps:
All code for the Python runtime environment must be pure Python, and not include any C extensions or other code that must be compiled.
I don't see the identity toolkit included in the GAE SDK or its 3rd party libraries, which as far as I understand means I'd have to install it as a 3rd party library in my own app. But the pure python code restriction applies to these libs as well:
You can add any third-party library to your application, as long as it is implemented in "pure Python" (no C extensions) and otherwise functions in the App Engine runtime environment.
Hence the question in the title.
Am I missing something?
Thanks.
So far I'm using webapp2 and jinja2.
That doesn't hold 100%, supported 3rd party libs like PyCrypto, numpy lxml all have 'C' based extensions, but these are all supported directly by google. You just can't add your own that are not on the list.
See 3rd party libs doc https://cloud.google.com/appengine/docs/python/tools/libraries27
You have to draw a distinction between "3rd Party Libraries" supported by Google vs 3rd party libs you supply yourself.
Also you haven't said what framework that you are using. You may find it is worth looking at authomatic http://peterhudec.github.io/authomatic/
Out of the box support for:
After much digging I finally got things going.
Both answers from Tim Hofman and dsalama applied, but what really tipped the scale was this answer: How to import lib folder within Modules which made me realize that the 3rd party libs doc is not quite OK for apps with modules located in a separate directories (typical documented app structure https://cloud.google.com/appengine/docs/python/modules/#Python_Configuration)
Basically the vendoring scheme must be applied as needed for each and every module which uses 3rd party libs:
lib
directory (or the libs themselves, depending on the vendoring scheme used) must be visible/accessible in each module directoryappengine_config.py
file with the vendoring code visible side by side with the module's.yaml
file since the module doesn't have access to the file located in the app's root directory (if the chosen vendoring scheme relies on such file)According to this thread from the Identity Toolkit forum, you can use Identity Toolkit in the App Engine sandbox by including PyCrypto v2.6 or later.
To do so, add the following to your app.yaml file: