Google App Engine: Facebook server side authentication

When you’re working with devices without JavaScript, or in cases where the user has disabled JavaScript, you’ll need to work out strategies to do your stuff on the server side. A classic case is form validation done in JavaScript: without a server-side verification system it fails and allows users to post junk onto your site.

I’ve just converted a small script shown in this example on Facebook’s site that does the same thing, but in PHP. This code closely emulates the one at the link above.

Another reason you might need this is that Facebook has scrapped its Python API support since OAuth 2.0 was introduced.

There are some limitations to this application. One of them is that, as Facebook prevents POST headers, you can’t integrate this method into a canvas.
It builds upon the sessions example I’ve covered in the previous post.

The program is structured as follows:

There are 3 files:

  1. state_variable.py: A class that generates the state variable – a unique combination of 13/27 characters that Facebook generates when you make a request (the variable ‘code’ in the URL of a Facebook application).
  2. session_module.py: A class that handles the sessions. It must be inherited by any class that uses sessions. Refer to the post (the link) which covers it for more information.
  3. main.py: The main Python program that Google App Engine handles. It follows a two-step procedure: check whether the URL has the ‘code’ request variable in the request header; if so, continue with OAuth authentication, else redirect the user to the Facebook page on which he gives permissions/authenticates the application.

It really is primitive code for sandboxing purposes; you’ll need to refine it with exception handling and other stuff before actually deploying it.
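The two-step check that main.py performs can be sketched as below. This is an added example, not the code from the repository: it targets the Python 3 standard library instead of webapp2, uses a plain dict in place of the session, and the names `handle_request`, `new_state`, `oauth_state`, `APP_ID`, `REDIRECT_URI` and the dialog URL are assumptions.

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlencode

# Assumptions: endpoint and parameter names of Facebook's OAuth 2.0 login
# dialog; APP_ID and REDIRECT_URI are placeholders.
DIALOG_URL = "https://www.facebook.com/dialog/oauth"
APP_ID = "YOUR_APP_ID"
REDIRECT_URI = "https://example.appspot.com/"


def new_state():
    """Return an unguessable per-login value from the OS CSPRNG."""
    return secrets.token_urlsafe(32)


def handle_request(session, query_string):
    """Decide what the handler should do for one GET request.

    Returns ("redirect", url) when the user must be sent to Facebook,
    ("exchange", code) when the code may go on to OAuth authentication,
    or ("reject", reason) when the state check fails.
    """
    params = parse_qs(query_string)
    code = params.get("code", [None])[0]
    if code is None:
        # Step 1: no 'code' yet. Bind a fresh state to this session.
        state = new_state()
        session["oauth_state"] = state
        query = urlencode({
            "client_id": APP_ID,
            "redirect_uri": REDIRECT_URI,
            "state": state,
        })
        return ("redirect", DIALOG_URL + "?" + query)

    # Step 2: callback with 'code'. The stored state is single-use, so it is
    # removed before comparing; a replayed or forged callback is rejected.
    expected = session.pop("oauth_state", None)
    received = params.get("state", [""])[0]
    if expected is None:
        return ("reject", "no login in progress for this session")
    if not hmac.compare_digest(expected.encode(), received.encode()):
        return ("reject", "state mismatch")
    return ("exchange", code)
```

In a webapp2 handler, `session` would be `self.session` from BaseSessionHandler and `query_string` would come from the request.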

Any bugs/suggestions are always welcome. I really don’t know if I’ll be working on this in the near future. I just wanted this application in public, so that if anybody needs it they can build upon this code.

The link to the code repository is here.

Google App Engine: Sessions

With the advent of Google App Engine (Python 2.7) and WebApp2, there have been many changes in the way people code on Google App Engine. WebApp2 includes a Session Management script in the module ‘webapp2_extras’.

This is a simple sessions example with Google App Engine with Python 2.7 and WebApp2. The code is self-explanatory. I haven’t implemented exceptions and errors as I won’t be using this snippet of code anymore. But figuring out something is the fun part, isn’t it?

Session Module:

#Import sessions for session handling
import webapp2
from webapp2_extras import sessions

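#This is needed to configure the session secret key
#The key signs the session cookie, so anyone who knows it can forge a session:
#replace this sample value with a long random one and keep it out of public code
#Runs first in the whole application
myconfig_dict = {}
myconfig_dict['webapp2_extras.sessions'] = {
    'secret_key': 'my-super-secret-key-somemorearbitarythingstosay',
}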

#Session Handling class, gets the store, dispatches the request
class BaseSessionHandler(webapp2.RequestHandler):
    def dispatch(self):
        # Get a session store for this request.
        self.session_store = sessions.get_store(request=self.request)

        try:
            # Dispatch the request.
            webapp2.RequestHandler.dispatch(self)
        finally:
            # Save all sessions.
            self.session_store.save_sessions(self.response)

    @webapp2.cached_property
    def session(self):
        # Returns a session using the default cookie key.
        return self.session_store.get_session()
#End of BaseSessionHandler Class

Main Module:

import webapp2
from webapp2_extras import sessions
import session_module

#MainHandler class where we write code for ourselves
class MainHandler(session_module.BaseSessionHandler):
    def get(self):
        if self.session.get('counter'):
            self.response.out.write('Session is in place')
            counter = self.session.get('counter')
            self.session['counter'] = counter + 1
            self.response.out.write('Counter = ' + str(self.session.get('counter')))
        else:
            self.response.out.write('Fresh Session')
            self.session['counter'] = 1
            self.response.out.write('Counter = ' + str(self.session.get('counter')))
#End of MainHandler Class

#The application starts running after this is interpreted
app = webapp2.WSGIApplication([('/', MainHandler)], config=session_module.myconfig_dict)