Home/ Questions/Q 3442942
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-18T08:43:51+00:00

I’m refactoring for a client an app that should support OpenID, Facebook Connect and

  • 0

I’m refactoring for a client an app that should support OpenID, Facebook Connect and custom authentication (email+password).
Suppose that i have:

class MyUser(db.Model):
    pass
class Item(db.Model):
    owner = db.ReferenceProperty(MyUser)

I was thinking to implement different authentication systems this way:

class OpenIDLogin(db.Model): # key_name is User.federated_identity()? User.user_id()?
    user = db.ReferenceProperty(MyUser)

class FacebookLogin(db.Model): # key_name is Facebook uid
    user = db.ReferenceProperty(MyUser)

class CustomLogin(db.Model): # key_name is the user email
    user = db.ReferenceProperty(MyUser)
    password = db.StringProperty()

Is there a better solution? There is already an answer here but i can’t understand if that’s the right solution for me.
I’ve already developed an app using the Users API and another one using Facebook Connect in the past, so i know how to deal with the both, the problem is to wire them together. Switching to another framework isn’t an option unfortunately.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    First i used something like:

    key_name = '%s|%s' % ('facebook', facebook_uid)

    and:

    key_name = '%s|%s' % ('myapp', email)

    It’s good and lookup is fast, but it lacks support for multi-provider login (i.e. user wants to be able to login using both google and facebook).

    This is my actual solution:

    class User(db.Model):
    accounts = StringListProperty() # ['facebook|1234', 'google|4321']
    email = StringProperty()
    password = StringProperty()

    Lookup is slower but it’s done just once on login, after that i store user.key().id() in session and use that. It’s also good because you can link the user to an email/password combo. The downside is that you must enforce uniqueness manually on your keys (email, facebook id, google id etc…).

    • 0