Using both OAuth and GAE's Users API within a GAE application

Question

I would like to host my Flask-based web application on GAE.

Regular users are authenticated against Google using flask-oauthlib.

However, I would like to authenticate admin users using GAE's Users API, since it provides, among others, the users.is_current_user_admin().

However, it seems that I cannot protect the admin region from app.yaml, because the following configuration is not valid:

# app.yaml
[...]
handlers:
# For admin users
# THIS IS INVALID!
- url: /admin
  login: admin

# For regular users
- url: /.*
  script: main.app

Option 1: Create a separate flask app object in the same GAE application:

# app.yaml
[...]
# For admin users
- url: /admin
  script: admin.app
  login: admin

Is that a good practice? If not, why?

Option 2: Simply implement a function such as:

def is_admin():
  return current_user.email in ["admin1@...", "admin2@...", "admin3@..."]

That is, do not rely on GAE's Users API.

Notes:

Any thoughts (other solutions)?

score 1 · Answer 1 · answered Jan 21 '17 at 20:56

1

I have such mixed logins in my non-Flask app, and my handlers look like this:

handlers:
- url: /admin
  script: main.app
  login: admin

- url: /.*
  script: main.app

No need to have a separate app for admin. I don't know how Flask works, but I would expect this to work for you as well.

answered Jan 21 '17 at 20:56

new name

1 Answers1