Generating users accounts inside Google App Engine

Question

For a project, I'm going to create an application on Google App Engine where:

• Discussion Leaders can register with their e-mail address (or OpenID or Google Account) on the website itself to use it.
• In the application admin page they can create a group discussion for which they can add users based on their e-mail address
• and these users should then receive generated account details (if they don't have accounts yet) making them able to log in to that group discussion with their newly created account.

I don't want to require discussion leaders to having a Google Account or OpenID account in order to register for the application and all user other accounts must be generated by the discussion leader.

However Google App Engine seems to only support Google Accounts and OpenID accounts. How would I go about this? Is there an existing pattern for creating leader-accounts and generating user-accounts from within the Google App Engine which still support the GAE User API?

Answer 1

The GAE User API is only there to provide you the currently logged-in user and some of his attributes. You will have to store this information anyway in a datastore within, let's say, the User model.

From there you can do whatever you want with your business logic, and how you are going to store/create users based on the emails and what to do with these users, how to group them, etc.

In order to support OAuth login, like Facebook or Twitter, you will have to go with their own API on how to authenticate users from these services (registering keys, asking for permissions, etc). Luckily for you there are plenty of frameworks that are covering this problem, but it depends on your structure and what you are currently using.

(Disclaimer it's mine) Since you are just creating a new app, you can take a look on the gae-init project, which basically is a starting point for your new application that has already Google, Facebook and Twitter logins and storing them in the datastore, where they can change their properties. You will have to be already familiar with GAE though.

Answer 2

If you don't want to require a Google Account or OpenID account you have to roll your own accounts system. This gives you maximum freedom, but it is a lot of work and makes you responsible for password security (ouch). Personally I would advise you to reconsider this requirement -- OpenID especially has a lot going for it (except IIUC it's not so simple to use Facebook).

Answer 3

EngineAuth

A few months ago I developed a python package called EngineAuth. It uses a middleware to intercept request intended for authentication.

Here's an example app:

http://engineauth.scotchmedia.com/

And the source:

https://github.com/scotch/engineauth

EngineAuth has various authentication strategies. One of which is password.

Password takes a password and a string (could be an email). If the string is in the datastore it checks the password against a stored hash. If it matches it logs the user in. If the string is not in the datastore it creates a new user.

EngineAuth also has an appengine_openid strategy which allows you to login users using App Engine Openid.

The nice thing about EngineAuth is that if your user is logged in App Engine OpenID and they then log in with a password, it associates the user with both strategies.

aeauth

I wasn't completely satisfied with EngineAuth, however, so I decided to create a more module design that was more dependent on webapp2. I never completed, as I'm developing the project in Go now, but maybe the code will help.

webapp2 auth

Much of the password functionality of EngineAuth and aeauth was taken from webapp2_extras/auth that might give you a simpilar approach.