
Cloud Endpoints HTTP Cookies

I am implementing Cloud Endpoints with a Python app that uses custom authentication (GAE Sessions) instead of Google Accounts. I need to authenticate the requests coming from the JavaScript client, so I would like to have access to the cookie information.

Reading this other question leads me to believe that it is possible, but perhaps not documented. I'm not familiar with the Java side of App Engine, so I'm not quite sure how to translate that snippet into Python. Here is an example of one of my methods:

class EndpointsAPI(remote.Service):
  @endpoints.method(Query_In, Donations_Out, path='get/donations',
                    http_method='GET', name='get.donations')
  def get_donations(self, req):
    #Authenticate request via cookie

where Query_In and Donations_Out are both ProtoRPC messages (messages.Message). The parameter req in the function is just an instance of Query_In and I didn't find any properties related to HTTP data, however I could be wrong.

rhefner1 asked Mar 28 '13 19:03



2 Answers

First, I would encourage you to try to use OAuth 2.0 from your client as is done in the Tic Tac Toe sample.

Cookies are sent to the server in the Cookie Header and these values are typically set in the WSGI environment with the keys 'HTTP_...' where ... corresponds to the header name:

import os

# Collect the request headers exposed through the environment as HTTP_* keys.
http = {key: value for key, value in os.environ.items()
        if key.lower().startswith('http')}

For cookies, os.getenv('HTTP_COOKIE') will give you the header value you seek. Unfortunately, this doesn't get passed along through Google's API Infrastructure by default.

UPDATE: This has been enabled for Python applications as of version 1.8.0. To send cookies through, specify the following:

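from google.appengine.ext import endpoints
from google.appengine.ext.endpoints import api_config
from protorpc import remote

# Allow the Cookie header to be forwarded to the backend for this API.
AUTH_CONFIG = api_config.ApiAuth(allow_cookie_auth=True)

@endpoints.api(name='myapi', version='v1', auth=AUTH_CONFIG, ...)
class MyApi(remote.Service):
    ...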

This is a (not necessarily comprehensive) list of headers that make it through:

  • HTTP_AUTHORIZATION
  • HTTP_REFERER
  • HTTP_X_APPENGINE_COUNTRY
  • HTTP_X_APPENGINE_CITYLATLONG
  • HTTP_ORIGIN
  • HTTP_ACCEPT_CHARSET
  • HTTP_ORIGINALMETHOD
  • HTTP_X_APPENGINE_REGION
  • HTTP_X_ORIGIN
  • HTTP_X_REFERER
  • HTTP_X_JAVASCRIPT_USER_AGENT
  • HTTP_METHOD
  • HTTP_HOST
  • HTTP_CONTENT_TYPE
  • HTTP_CONTENT_LENGTH
  • HTTP_X_APPENGINE_PEER
  • HTTP_ACCEPT
  • HTTP_USER_AGENT
  • HTTP_X_APPENGINE_CITY
  • HTTP_X_CLIENTDETAILS
  • HTTP_ACCEPT_LANGUAGE
bossylobster answered Dec 04 '22 08:12
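Once the Cookie header reaches the backend, the handler still has to validate it. The following is an added example, not code from the question or the answer above: it reads HTTP_COOKIE and HTTP_ORIGIN from the environment, checks the origin against an allow-list, and verifies an HMAC-signed session cookie. The cookie name, the `<payload>.<hex HMAC>` format, the key and the allowed origin are assumptions made for illustration (this is not the GAE Sessions cookie format), and the import targets Python 3; on Python 2.7 the same classes live in the `Cookie` module.

```python
import hashlib
import hmac
import os
from http.cookies import CookieError, SimpleCookie

# Assumptions for this example (none of these values come from the page):
SECRET_KEY = b"constructed-demo-key"           # load from configuration in practice
COOKIE_NAME = "session"                        # hypothetical cookie name
ALLOWED_ORIGINS = {"https://app.example.com"}  # hypothetical front-end origin


def _mac(payload):
    """Hex HMAC-SHA256 of the payload under SECRET_KEY."""
    return hmac.new(SECRET_KEY, payload.encode("utf-8"), hashlib.sha256).hexdigest()


def sign(payload):
    """Return '<payload>.<hex HMAC>' as it would be stored in the cookie."""
    return payload + "." + _mac(payload)


def authenticate(environ=None):
    """Return the session payload for a valid request, otherwise None."""
    environ = os.environ if environ is None else environ
    # Browsers attach cookies automatically, so a page on another site can
    # trigger the call. Reject an Origin that is present but not allow-listed.
    origin = environ.get("HTTP_ORIGIN")
    if origin is not None and origin not in ALLOWED_ORIGINS:
        return None
    jar = SimpleCookie()
    try:
        jar.load(environ.get("HTTP_COOKIE", ""))
    except CookieError:
        return None
    morsel = jar.get(COOKIE_NAME)
    if morsel is None:
        return None
    payload, sep, mac = morsel.value.rpartition(".")
    if not sep or not payload:
        return None
    # Constant-time comparison avoids leaking how much of the signature matched.
    if not hmac.compare_digest(mac.encode("utf-8"), _mac(payload).encode("utf-8")):
        return None
    return payload
```

Inside an Endpoints method, `authenticate()` with no argument reads `os.environ`, which is where the answer above says the forwarded headers appear.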


For the Java people who land here. You need to add the following annotation in order to use cookies in endpoints:

@Api(auth = @ApiAuth(allowCookieAuth = AnnotationBoolean.TRUE))

source

(Without that it will work on the local dev server but not on the real GAE instance.)

Tim Bartsch answered Dec 04 '22 08:12