在Google App Engine中使用python寻找openid + oauth hybrid的优秀示例/模板

Question

我已经单独实现了oauth和openid(即,使用OpenId登录,使用OAuth对Google Data API单独授权)并希望将它们组合在一起.

目前我的app.yaml中有以下内容

- url: /_ah/login_required
  script: main.py

- url: .*
  script: main.py
  login: required

然后,在main.py我有:(为清晰起见,删除了导入)

def getClient():
    client =  gdata.calendar.service.CalendarService()
    consumer_key = 'my-app.appspot.com'
    consumer_secret = 'consumersecret'
    client.SetOAuthInputParameters(
        gdata.auth.OAuthSignatureMethod.HMAC_SHA1,
        consumer_key=consumer_key, 
        consumer_secret=consumer_secret)
    gdata.alt.appengine.run_on_appengine(client)
    return client

class OAuthOne(webapp.RequestHandler):
    def get(self):
        client = getClient()
        request_token = client.FetchOAuthRequestToken(oauth_callback='http://my-app.appspot.com/oauth2')
        client.SetOAuthToken(request_token)
        auth_url = client.GenerateOAuthAuthorizationURL()
        self.redirect( auth_url )

class OAuthTwo(webapp.RequestHandler):
    def get(self):
        client = getClient()
        token_from_url = gdata.auth.OAuthTokenFromUrl(self.request.uri) 
        if not token_from_url:
            self.redirect('/oauth')
        else:
            client.SetOAuthToken(token_from_url)
            oauth_verifier = self.request.get('oauth_verifier', default_value='')
            client.UpgradeToOAuthAccessToken(oauth_verifier=oauth_verifier)
            self.redirect('/')

class MainPage(webapp.RequestHandler):

    def get(self):
        self.user = users.get_current_user()
        self.template_values = {}
        if self.user:
            # do calendar api stuff here
            self.template_file = 'templates/index.html'
        else:
            self.template_file = 'templates/denied.html'

        path = os.path.join(os.path.dirname(__file__), self.template_file)
        self.response.out.write( template.render(path, self.template_values) )

application = webapp.WSGIApplication(
                                 [('/oauth', OAuthOne),
                                  ('/oauth2', OAuthTwo),
                                  ('/_ah/login_required', OpenIDHandler),
                                  ('/', MainPage)],
                                 debug=True)

def main():
    run_wsgi_app(application)

if __name__ == "__main__":
    main()

另请参阅main.py,来自http://code.google.com/googleapps/marketplace/tutorial_python_gae.html

class OpenIDHandler(webapp.RequestHandler):
    def get(self):
        """Begins the OpenID flow and begins Google Apps discovery for the supplied domain."""
        login_url = users.create_login_url(dest_url='http://my-app.appspot.com/',
                                             _auth_domain=None,
                                             federated_identity='gmail.com')
        self.redirect( login_url )

至于混合协议,这里有一个PHP示例,这里有一个java示例,但我找不到任何python的东西.

我假设魔法的开始需要在我的OpenIDHandler中发生,并且我需要使用除了之外的其他东西users.create_login_url().谷歌的文档在这里告诉我,我需要"创建进行探索,使认证请求的机制." 和'添加OAuth功能到身份验证请求'(这里有更多的文档),但据我所知,不是如何做到这一点.至少不是Python.

在此页面上有一个原始http请求稍低的示例

https://www.google.com/accounts/o8/id
?openid.ns=http://specs.openid.net/auth/2.0
&openid.claimed_id=http://specs.openid.net/auth/2.0/identifier_select
&openid.identity=http://specs.openid.net/auth/2.0/identifier_select
&openid.return_to=http://www.example.com/checkauth
&openid.realm=http://www.example.com
&openid.assoc_handle=ABSmpf6DNMw
&openid.mode=checkid_setup
&openid.ns.oauth=http://specs.openid.net/extensions/oauth/1.0
&openid.oauth.consumer=www.example.com
&openid.oauth.scope=http://docs.google.com/feeds/+http://spreadsheets.google.com/feeds/

但我不知道如何使用它.

因此除了帮助它成为最佳实践的光辉榜样之外,我真的需要知道如何"为身份验证请求添加OAuth功能".