drgbpq5930 2018-02-09 08:14
浏览 73

转到客户端以访问GAE登录所需的应用

I wanted to authenticate myself (Google Account) using a golang client against protected apps on Google App Engine where login: required or login: admin is specified in app.yaml.

First I wrote a simple OAuth2 offline access client but it didn't work at all - the server just redirects clients to Google Account's sign in page. I've tried with various Google API scopes and currently no luck.

package main

import (
    "context"
    "fmt"
    "io"
    "log"
    "os"

    "golang.org/x/oauth2"
    "golang.org/x/oauth2/google"
)

const (
    AppURL           = "https://login-requried-app.appspot.com"
    AuthClientID     = "....."
    AuthClientSecret = "....."
    AuthRedirectURL  = "urn:ietf:wg:oauth:2.0:oob"
    AuthScope        = "https://www.googleapis.com/auth/cloud-platform"
)

func main() {
    ctx := context.Background()
    conf := &oauth2.Config{
        ClientID:     AuthClientID,
        ClientSecret: AuthClientSecret,
        Endpoint:     google.Endpoint,
        RedirectURL:  AuthRedirectURL,
        Scopes:       []string{AuthScope},
    }

    url := conf.AuthCodeURL("state", oauth2.AccessTypeOffline)
    fmt.Printf("Visit the URL for the auth dialog: %v
", url)
    fmt.Printf("Enter authentication code: ")

    var code string
    if _, err := fmt.Scan(&code); err != nil {
        log.Fatal(err)
    }
    tok, err := conf.Exchange(ctx, code)
    if err != nil {
        log.Fatal(err)
    }

    client := conf.Client(ctx, tok)

    res, err := client.Get(AppURL)
    if err != nil {
        log.Fatal(err)
    }
    defer res.Body.Close()

    log.Println(res.Status)
    io.Copy(os.Stdout, res.Body)
}

I'm looking for the details of GAE's user authentication modes used in such apps to write a non web browser client. I feel it's something different than standard OAuth2 authentication/authorization after reading App Engine Users API docs and code that is receiving user information via HTTP headers like X-AppEngine-User-Email.

UPDATE: After some research it looks like the GAE frontend uses SACSID cookie for tracking authenticated sessions, which isn't related to the OAuth2 standard. Indeed as stated in Users Go API document:

Note that using OAuth to identify your users is completely orthogonal to the standard user authentication modes. For example, pages marked with login: required or login: admin will refuse to load if the user is only authenticated via OAuth.

Is there any supported way for a CLI application to acquire SACSID properly authorized by user's consent?

Related questions:

  • 写回答

1条回答 默认 最新

  • dongpa3109 2018-02-15 16:41
    关注

    Given the situation you explain here, I suggest using a remote API. This way you can access App Engine services from your Go app.

    First you have to configure your app.yaml file by adding the following:

    - url: /_ah/remote_api
  script: _go_app

    You also have to add the following import to your .go source file:

    import _ "google.golang.org/appengine/remote_api"

    When this is done, deploy your updated app to App Engine:

    gcloud app deploy app.yaml

    The website I included here includes an example on how to use the remote API. You can try it and adapt your code if this works for you.

    评论

报告相同问题?

悬赏问题

  • ¥15 Python中的request,如何使用ssr节点,通过代理requests网页。本人在泰国,需要用大陆ip才能玩网页游戏,合法合规。
  • ¥100 为什么这个恒流源电路不能恒流?
  • ¥15 有偿求跨组件数据流路径图
  • ¥15 写一个方法checkPerson,入参实体类Person,出参布尔值
  • ¥15 我想咨询一下路面纹理三维点云数据处理的一些问题,上传的坐标文件里是怎么对无序点进行编号的,以及xy坐标在处理的时候是进行整体模型分片处理的吗
  • ¥15 CSAPPattacklab
  • ¥15 一直显示正在等待HID—ISP
  • ¥15 Python turtle 画图
  • ¥15 stm32开发clion时遇到的编译问题
  • ¥15 lna设计 源简并电感型共源放大器