Hi Dave,

On Sun, Aug 9, 2009 at 9:05 AM, Dave <[email protected]> wrote:

>
> In studying the AuthSub sample code at this location:
>   http://code.google.com/appengine/articles/gdata.html
>
> I am confused about the comments pasted below. In the "elif" case, how
> can there be a token without there being a current (logged in) user?
> In order for the app to have received a token to begin with, didn't it
> have to know which user was accessing the app? Could you give me a
> scenario in which there would be a token, but the user hasn't logged
> in yet?
>
> The only case I can think of is if the user just logged in at the page
> to grant them the token (from client.GenerateAuthSubURL), but hasn't
> yet logged into my app (using the link generated by
> users.create_login_url).  If I am right about this, then could I avoid
> this by always first requiring my user to login to my app, before
> checking to see if they have a token?


Yes, that is the approach I recommend. I included the elif check in the same
code because for whatever reason you may decide to not require users to sign
in. Perhaps you are using your own accounts system in the app (which would
require modifying the sample quite a bit) instead of using Google Accounts.

Thank you,

Jeff


>
>
> Thanks,
> Dave
>
>    session_token = None
>    # Find the AuthSub token and upgrade it to a session token.
>    auth_token = gdata.auth.extract_auth_sub_token_from_url(self.request.uri)
>    if auth_token:
>      # Upgrade the single-use AuthSub token to a multi-use session token.
>      session_token = client.upgrade_to_session_token(auth_token)
>    if session_token and users.get_current_user():
>      # If there is a current user, store the token in the datastore and
>      # associate it with the current user. Since we told the client to
>      # run_on_appengine, the add_token call will automatically store the
>      # session token if there is a current_user.
>      client.token_store.add_token(session_token)
>    elif session_token:
>      # Since there is no current user, we will put the session token
>      # in a property of the client. We will not store the token in the
>      # datastore, since we wouldn't know which user it belongs to.
>      # Since a new client object is created with each get call, we don't
>      # need to worry about the anonymous token being used by other users.
>      client.current_token = session_token
>
>
> >
>
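
An added example, not part of either message or of the sample article: the login-first ordering discussed above, written as plain Python so it runs without the App Engine SDK or gdata. Every name here (handle_get, the dict used as a token store, fake_upgrade, fake_login_url) is a hypothetical stand-in, and the sample URLs are constructed.

```python
from urllib.parse import urlsplit, parse_qs, quote


def extract_token(uri):
    """Return the single-use AuthSub token from the callback URL, or None."""
    values = parse_qs(urlsplit(uri).query).get("token")
    return values[0] if values else None


def handle_get(uri, current_user, token_store, upgrade, login_url):
    """Login-first flow: a token is upgraded and stored only for a known user.

    current_user: user id or None (stand-in for users.get_current_user()).
    token_store:  dict of user -> session token (stand-in for the datastore).
    upgrade:      callable(single_use_token) -> session token.
    login_url:    callable(continue_uri) -> sign-in URL.
    """
    if current_user is None:
        # Do not upgrade here: the session token would have no owner.
        # The continue URL keeps the query string, so the single-use token
        # is still unspent when the user comes back signed in.
        return ("redirect", login_url(uri))
    token = extract_token(uri)
    if token:
        # The token is bound to the signed-in user at the moment of upgrade.
        token_store[current_user] = upgrade(token)
    if current_user in token_store:
        return ("ok", token_store[current_user])
    # Signed in, but no token yet: send the user to the AuthSub grant page.
    return ("need_authsub", None)


# Constructed stand-ins for the token upgrade call and the sign-in URL builder.
def fake_upgrade(token):
    return "session-for-" + token


def fake_login_url(continue_uri):
    return "/login?continue=" + quote(continue_uri, safe="")
```

With this ordering the "elif session_token" branch of the quoted sample is never reached, because no token is upgraded until a user is known.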
