简体繁体 English

在Google App Engine中自定义登录

[英]Customize login in Google App Engine

原文 2009-06-15 08:03:22 8 3 python/ google-app-engine/ authentication/ registration

I need to add few more options for login and therefore need to customize create_login_url with some HTML code. 我需要添加一些其他登录选项，因此需要使用一些HTML代码自定义create_login_url。

Is there a way to add on your code in default login screen of Google? 是否可以在Google的默认登录屏幕上添加代码？

Environment: Python (Google App Engine) 环境：Python（Google App Engine）

I want to continue having the default Google ext class Users behavior in place. 我想继续使用默认的Google ext class Users行为。

3 个解决方案

Nick Johnson recently released an alpha version of a WSGI middleware that you could use. Nick Johnson最近发布了您可以使用的WSGI中间件的Alpha版本。 The API is very similar to the standard Users API in app engine. 该API与应用引擎中的标准Users API非常相似。 It is a way to support auth via OpenID (something Alex Martelli suggested in his answer ). 这是一种通过OpenID支持身份验证的方式（Alex Martelli在他的回答中提出了建议）。 Therefore you are able to support Google as Identity Provider as well as others. 因此，您能够支持Google以及其他身份提供商。 If you only want to support Google accounts for some reason, you could certainly only whitelist them though. 如果您仅出于某种原因仅想支持Google帐户，则可以将其列入白名单。

Nick's blog announcement also lists some things to consider (these might be deal-breakers for you): 尼克的博客公告还列出了一些需要考虑的事情（对您而言，这些可能会破坏交易）：

Users are identified uniquely by their OpenID endpoint. 用户由其OpenID端点唯一标识。
You can't construct a User object without specifying an OpenID URL. 如果不指定OpenID URL，则无法构造User对象。
Nicknames and email addresses are user-supplied, so they're not guaranteed unique or validated. 昵称和电子邮件地址是用户提供的，因此不能保证它们是唯一的或经过验证的。
is_current_user_admin() is not yet implemented. is_current_user_admin（）尚未实现。
login: clauses in app.yaml are not affected by AEoid - they still authenticate using the regular Users API. login：app.yaml中的子句不受AEoid的影响-它们仍使用常规的Users API进行身份验证。

You can't customize the login page. 您无法自定义登录页面。 Allowing you to do so would introduce the possibility of XSS vulnerabilities, as well as making it harder for users to identify a legitimate login page. 允许您这样做会引入XSS漏洞的可能性，并使用户更难识别合法的登录页面。

If you want to provide for federated login, you may want to simply redirect users to an interstitial page that allows them to pick standard Google login, or one of a number of other services. 如果要提供联合登录，则可能只需要将用户重定向到一个插页式页面，使他们可以选择标准的Google登录名或其他多种服务之一。

You might consider OpenID, through any of the various open-source app engine projects for the purpose, such as this one for Django. 你可能会考虑的OpenID，通过任何不同的开源应用程序引擎项目的目的，比如这一个 Django的。

You can't use the existing Users module with those (save perhaps with some serious hacking, but I have not attempted such feats and would not necessarily recommend them;-), but the various projects in question tend to offer usable replacements. 您不能将它们与现有的Users模块一起使用（也许可以避免一些严重的黑客攻击，但是我没有尝试过这种壮举，因此不一定会推荐它们；-)，但是有问题的各种项目往往会提供可用的替代品。

Making your own login pages is also not too hard with these approaches, of course, since you start with all the sources to the "OpenID consumer" you choose to use. 当然，使用这些方法创建自己的登录页面也不太困难，因为您从选择使用的“ OpenID使用者”的所有源开始。

I don't know if all the domains you want to support are OpenID providers (though I don't see why any site supporting its own user logins wouldn't also be an OpenID provider -- it's easy and makes it more valuable for users to have logins on that site!-), but I hope this will take you some part of the way towards your goal! 我不知道您要支持的所有域是否都是OpenID提供程序（尽管我看不到为什么任何支持自己的用户登录的网站也都不是OpenID提供程序-这很容易，并且对用户更有价值才能在该站点上登录！-），但我希望这将带您实现目标！