User authentication with webapp2 on Google App Engine

Google App Engine for Python ships with the capability to manage user accounts without the need for any additional library. This functionality is, however, insufficiently documented. This post is structured as a step-by-step tutorial addressing user registration, login, password reset and a few other details.

The webapp2 framework on Google App Engine for Python 2.7 is definitely a step forward from the original webapp.
Despite the increase in flexibility and functionality, however, there are a few items that are still more laborious than in other frameworks. The most notable aspect is user account management.

Unsurprisingly, since it is meant to run on Google’s App Engine, using Google Accounts with webapp2 takes one line of code. OpenID authentication, while still labelled experimental, is almost trivial to implement as well. There are some open source projects like SimpleAuth that attempt to offer a standard and unified API to handle signing in with Google, OAuth and OpenID accounts.

While it generally makes sense to offer support for authentication through popular services – it decreases friction for new users to try a service – in some cases users may prefer having a special login to access your application.

As experience teaches us, managing passwords securely is not a trivial task, and users legitimately expect application developers to take all the necessary measures to protect their passwords.

Since this is a use case that has to be considered countless times, there is significant value in using library functions to handle user accounts.

Here is how to do that using the functionality embedded in the webapp2_extras package that is distributed with all standard installations of App Engine for Python 2.7.


Hiring: you are doing it wrong

Looking for a job in the tech sector is a challenge. A lot has been written about the process itself and its quirks, ranging from programming puzzles to whiteboard interviews. However, there are still a few details that are often overlooked by most companies and can make a significant difference for prospective applicants.

Even when recruiters try to do all they can to make the application and hiring process as easy as possible, it is extremely common that the jobs or careers sections of their websites do not contain all the information applicants would need to make an informed choice. And when the information is present, it is often arranged in a way that is not effective or clear enough.

This article contains a selection of the most frequently neglected details; information that is valuable for applicants but, for a combination of good and bad reasons, is often hidden or not present at all.

If your company is hiring, try to figure out how easily a candidate can find an answer to these questions by looking at your website:

If the answer to any of these questions does not come immediately, the careers section of your website may be cleverly designed and communicate a great image of your company, but it is probably disconnected from the needs of its users: the people you are trying to hire.


A bit of confusion around Google Bookmarks?

Let’s start with two quick facts:

1. Google recently refurbished Google Bookmarks (after neglecting them for a couple of years), giving them more importance in search and allowing us to share them with friends more easily.

2. Meanwhile, a different team (I guess) implemented Bookmark Sync from Chrome, a new feature that synchronizes bookmarks with a Google account (quite handy when you routinely use Chrome on many computers). Those bookmarks end up in a read-only directory in your Google Docs space.

I’m now wondering: why do we have two different sets of entities, called bookmarks, that

  • share some similarities,
  • are stored in different places,
  • serve (slightly) different purposes,
  • have the same name.

Isn’t that confusing?