Use OAuth Authentication in Python App Engine

14 Jan 2017

We can authenticate user using an access token. Calling OAuth Google API to get the email from an access token is not difficult. There are a myriad of options here.

The tricky part is how to make google.appengine.api.users.get_current_user().email() return the email authenticated with OAuth.

After looking at the code, we simply can override the env USER_EMAIL, and email() will return that email.

But I can't find a way to make google.appengine.api.users.is_current_user_admin() return correct value. We could probably call an API to see if the email is an admin and override USER_IS_ADMIN. But that's a bit too much work.