turdus-merula

Reputation: 8854

Using both OAuth and GAE's Users API within a GAE application

I would like to host my Flask-based web application on GAE.

Regular users are authenticated against Google using flask-oauthlib.

However, I would like to authenticate admin users using GAE's Users API, since it provides, among others, the users.is_current_user_admin().

However, it seems that I cannot protect the admin region from app.yaml, because the following configuration is not valid:

# app.yaml
[...]
handlers:
# For admin users
# THIS IS INVALID!
- url: /admin
  login: admin

# For regular users
- url: /.*
  script: main.app

Option 1: Create a separate flask app object in the same GAE application:

# app.yaml
[...]
# For admin users
- url: /admin
  script: admin.app
  login: admin

Is that a good practice? If not, why?


Option 2: Simply implement a function such as:

def is_admin():
  return current_user.email in ["admin1@...", "admin2@...", "admin3@..."]

That is, do not rely on GAE's Users API.


Notes:

Any thoughts (other solutions)?

Upvotes: 0

Views: 59

Answers (1)

minou

Reputation: 16563

I have such mixed logins in my non-Flask app, and my handlers look like this:

handlers:
- url: /admin
  script: main.app
  login: admin

- url: /.*
  script: main.app

No need to have a separate app for admin. I don't know how Flask works, but I would expect this to work for you as well.

Upvotes: 1
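
An added example (not code from the question or the answer): a small Python model of how app.yaml selects a handler, useful for checking which admin paths a `login: admin` entry actually covers. It assumes url patterns are regular expressions matched against the whole request path and that the first matching handler wins; the `/admin/...` probe paths and the `/admin(/.*)?` variant are constructed for illustration.

```python
import re

# Constructed handler lists mirroring app.yaml entries (not parsed from a file).
ANSWER_HANDLERS = [
    {"url": "/admin", "script": "main.app", "login": "admin"},
    {"url": "/.*", "script": "main.app"},
]
# Variant whose admin pattern also covers sub-paths (assumed route layout).
PREFIX_HANDLERS = [
    {"url": "/admin(/.*)?", "script": "main.app", "login": "admin"},
    {"url": "/.*", "script": "main.app"},
]
# Constructed probe paths; the /admin/... routes are hypothetical.
ADMIN_PROBES = ["/admin", "/admin/", "/admin/users", "/admin/users/42/delete"]


def resolve(handlers, path):
    """Return the first handler whose url regex matches the whole path."""
    for handler in handlers:
        if re.fullmatch(handler["url"], path):
            return handler
    return None


def unguarded(handlers, probes):
    """List probe paths that reach a script without login: admin."""
    exposed = []
    for path in probes:
        handler = resolve(handlers, path)
        if handler is not None and handler.get("login") != "admin":
            exposed.append(path)
    return exposed


def shadowed(handlers):
    """Return urls of handlers placed after a catch-all, which never run."""
    for i, handler in enumerate(handlers):
        if handler["url"] in ("/.*", ".*"):
            return [h["url"] for h in handlers[i + 1:]]
    return []


if __name__ == "__main__":
    print("exact /admin entry leaves open:", unguarded(ANSWER_HANDLERS, ADMIN_PROBES))
    print("prefix entry leaves open:", unguarded(PREFIX_HANDLERS, ADMIN_PROBES))
    print("shadowed if catch-all is first:", shadowed(ANSWER_HANDLERS[::-1]))
```

Paths that fall through to the catch-all handler still need an in-application check such as `users.is_current_user_admin()`.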