user1395626

Reputation: 171

Authenticated app on appengine with angularjs

Setup:

The page content is served from a static file so it is not possible to use users.create_login_url(), users.create_logout_url(), etc.

How do you typically go about users logging in/out, figuring out whether a user is logged in/out, and whether a user is an admin on an application like this?

Upvotes: 13

Views: 3985

Answers (2)

Kyle Finley

Reputation: 12002

I'm actually working on a solution to this problem myself. The project is called Sapling -- it's an AngularJS starter project that covers User management.

This is the approach that I took:

  1. User comes to the site -- load html and javascript

  2. After Angular is loaded make a GET request to '/api/user/me'. If the user is logged in return a representation of the user, e.g.

    {
      "name": "Bob",
      "admin": false
      // etc.
    }

    If the user is not logged in return a 401 error.

  3. If a user object is returned -- check to see if the user is also an admin. If a 401 is received redirect the user to the login page (You could create a login page within your Angular app, or if you feel the user will not get confused you could send them to the Google login directly).

So, how do you do this with App Engine's User Service?

In your request handler for the url '/api/user/me'

Call get_current_user() and is_current_user_admin()

  • User is logged in -- append the admin boolean and return the representation of the user as json.

  • User is not logged in -- return a 401 Unauthorized, i.e. response.set_status(401)

How do you direct the user to the login and logout urls?

You can create request handlers at the following urls:

'api/user/login'

webapp2.redirect(users.create_login_url())

'api/user/logout'

webapp2.redirect(users.create_logout_url())

And direct users to them from Angular.

I think that I covered the basics. If you need more details, please let me know.

Upvotes: 7
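The '/api/user/me' handler logic from the answer above, as an added example that is not code from the answer or from the Sapling project. It is written against an injected user service so it runs offline: on App Engine you would pass the google.appengine.api.users module, whose get_current_user(), is_current_user_admin() and User.nickname()/email() are the calls used here; FakeUser and FakeUserService are constructed stand-ins. It also adds the server-side admin gate that the client-side admin check needs behind it.

```python
import json

# Added example (not the answer's or Sapling's code). On App Engine pass the
# google.appengine.api.users module; the Fake* classes are constructed stand-ins.
JSON = {"Content-Type": "application/json"}


class FakeUser(object):
    """Constructed stand-in for users.User (nickname()/email() as on the real one)."""
    def __init__(self, nickname, email):
        self._nickname, self._email = nickname, email
    def nickname(self):
        return self._nickname
    def email(self):
        return self._email


class FakeUserService(object):
    """Constructed stand-in for the two users-module calls the answer relies on."""
    def __init__(self, user=None, admin=False):
        self._user, self._admin = user, admin
    def get_current_user(self):
        return self._user
    def is_current_user_admin(self):
        return self._admin


def me_response(user_service):
    """GET /api/user/me -> (status, headers, body).

    Logged in: 200 with the user representation plus the admin flag.
    Logged out: 401 so the Angular side redirects to the login page.
    """
    user = user_service.get_current_user()
    if user is None:
        return 401, JSON, json.dumps({"error": "unauthorized"})
    body = {"name": user.nickname(), "email": user.email(),
            "admin": bool(user_service.is_current_user_admin())}
    return 200, JSON, json.dumps(body)


def admin_only(user_service, handler):
    """Server-side gate for admin API routes: the 'admin' flag sent to Angular
    only drives the UI and can be altered in the browser, so re-check here
    (401 when logged out, 403 when logged in but not an admin)."""
    if user_service.get_current_user() is None:
        return 401, JSON, json.dumps({"error": "unauthorized"})
    if not user_service.is_current_user_admin():
        return 403, JSON, json.dumps({"error": "forbidden"})
    return handler()
```

In a webapp2 RequestHandler you would call `status, headers, body = me_response(users)` and then `self.response.set_status(status)`, update `self.response.headers` and write `body`.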

voscausa

Reputation: 11706

See also this question: Limiting access to a static file with GAE when serving static content.

In your handler you can use the user service to find out who is logged in and whether this "user" is an administrator. An example: https://developers.google.com/appengine/docs/python/users/overview

OAuth2 is a better option if you use a client application.

Upvotes: -2
