A lightweight wrapper providing Google OAuth2 integration, sessions, XSRF validators, and user management for App Engine apps.
Airlock is a lightweight, web-security-concious wrapper for webapp2 on Google App Engine. It provides oauth2 integration for identity management with Google Accounts, sessions, and user management.
Airlock is a drop-in replacement for several webapp2 and protorpc objects. Specifically, it wraps remote.Service, webapp2.WSGIApplication, and webapp2.RequestHandler to provide authentication and session features via oauth2 and the oauth2client library.
## User features
- Oauth2 integration with Google Accounts (sign in and sign out).
- Anonymous user/session support.
## Security features
- A standard configuration format for specifying the security characteristics of an application.
- Provides a framework for setting the following headers: * Content security policy. * HSTS policy. * XSRF.
1. Download client secrets. 1. In appengine config, use airlock.set_config 1. Use airlock’s subclasses. 1. Set up a User model.