Webapp2 for Authentication and Login

zzz picture zzz · Oct 3, 2011 · Viewed 12.4k times · Source

I would like to roll my own login system for my python Google App Engine application (rather than using Google's users api).

I am using webapp2, and I noticed that there is a webapp2_extras.auth module and an incomplete auth tutorial.

Does anyone know how I can use this API to create:

  • User Registration (take an email and password, and perhaps verify email)
  • User Login with email and password

Once I have the email and password, where do I store it? In the AuthStore? And how do I authenticate against the AuthStore?

Answer

Nick Johnson picture Nick Johnson · Oct 4, 2011

How and where you store user credentials and information is entirely up to you; the webapp2 module you reference merely provides an interface you must conform to if you want to use its features. An obvious (perhaps the only sensible) choice would be the datastore.

I'd strongly, strongly recommend using the built in OpenID support instead of rolling your own, though. By doing so, you're forcing users to create yet another username and password, and you're taking on a whole set of password storage and security hassles for yourself.