Security News
Opengrep Emerges as Open Source Alternative Amid Semgrep Licensing Controversy
Opengrep forks Semgrep to preserve open source SAST in response to controversial licensing changes.
By Sarah Gooding - Jan 28, 2025
New Case Study:See how Anthropic automated 95% of dependency reviews with Socket.Learn More →
airlock
A lightweight wrapper providing Google OAuth2 integration, sessions, XSRF validators, and user management for App Engine apps.
- 0.0.13
- PyPI
- Maintainers
- 1
airlock
Airlock is a lightweight, web-security-concious wrapper for webapp2 on Google App Engine. It provides oauth2 integration for identity management with Google Accounts, sessions, and user management.
Comparison
Airlock is a drop-in replacement for several webapp2 and protorpc
objects. Specifically, it wraps remote.Service, webapp2.WSGIApplication,
and webapp2.RequestHandler to provide authentication and session features
via oauth2 and the oauth2client library.
| original | airlock variant |
|---|---|
protorpc.remote.Service | airlock.Service |
webapp2.RequestHandler | airlock.Handler |
webapp2.WSGIApplication | airlock.WSGIApplication |
User features
- Oauth2 integration with Google Accounts (sign in and sign out).
- Anonymous user/session support.
Security features
- A standard configuration format for specifying the security characteristics of an application.
- Provides a framework for setting the following headers:
- Content security policy.
- HSTS policy.
- XSRF.
Usage
- Download client secrets.
- In appengine config, use airlock.set_config
- Use airlock's subclasses.
- Set up a
Usermodel.
FAQs
A lightweight wrapper providing Google OAuth2 integration, sessions, XSRF validators, and user management for App Engine apps.
We found that airlock demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
Node.js EOL Versions CVE Dubbed the "Worst CVE of the Year" by Security Experts
Critics call the Node.js EOL CVE a misuse of the system, sparking debate over CVE standards and the growing noise in vulnerability databases.
By Sarah Gooding - Jan 24, 2025
Security News
cURL Project and Go Security Teams Reject CVSS as Broken
cURL and Go security teams are publicly rejecting CVSS as flawed for assessing vulnerabilities and are calling for more accurate, context-aware approaches.
By Sarah Gooding - Jan 24, 2025