
Google Cloud Endpoints and user's authentication


I'm currently new to the App Engine world and want to create a backend using Cloud Endpoints for a mobile application that I'm developing.

One of my problems right now is about user authentication. I've been following Udacity's MOOC on App Engine, and they taught us how to authenticate the user for API requests using a Google Account. On the backend side, we simply have to add a User parameter to our method and check if the user is signed in. As far as I know, this user parameter is generated by App Engine, based on the Authorization header of our request. (might need some confirmation there)

Now, there's a bunch of stuff I'm not sure I understand and that wasn't that well explained in this MOOC.

Now, I'd like to know if this is compatible with other OAuth schemes besides Google? So, if I want to implement Facebook authentication, will I simply pass the Facebook access token?

From what I searched, using the Facebook SDK on Android would let me generate a User Access Token, which identifies my user to Facebook. After sending it to my backend, I would want to check its validity with Facebook, and if it's valid, create a new user in my application. Now, I'd also want to generate a new token that identifies the user to my app. What would I need to do to do so?

MagicMicky asked Aug 18 '14 14:08



2 Answers

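You can supply your own authenticator to Endpoints, and the injected User will be obtained with your authenticator: https://developers.google.com/appengine/docs/java/endpoints/javadoc/com/google/api/server/spi/config/Authenticator.html

The Facebook credentials can be sent via a header, e.g. the Authorization header, and they can be accessed from the backend via HttpServletRequest, which you can handle inside the Authenticator.authenticate method.

For example:

```java
// MyAuthenticator.java: custom Authenticator class
import com.google.api.server.spi.auth.common.User;
import com.google.api.server.spi.config.Authenticator;
import javax.servlet.http.HttpServletRequest;

public class MyAuthenticator implements Authenticator {
  @Override
  public User authenticate(HttpServletRequest request) {
    String token = request.getHeader("Authorization");
    if (token != null) {
      // authenticateFacebook is a placeholder to implement yourself:
      // it should return the user's identifier, or null if the token is not valid.
      String user = authenticateFacebook(token);  // apply your Facebook auth.
      if (user != null) {
        return new User(user);
      }
    }
    // Returning null leaves the injected User parameter null (unauthenticated).
    return null;
  }
}

// MyEndpoints.java: Endpoints class
import com.google.api.server.spi.auth.common.User;
import com.google.api.server.spi.config.Api;

@Api(name = "example", authenticators = {MyAuthenticator.class})
public class MyEndpoints {
  public Container getThing(User user) {
    Container c = new Container();
    // user is null when no authenticator accepted the request.
    if (user != null) {
      c.email = user.getEmail();
    }
    return c;
  }

  public class Container {
    public String email;
    public String extraData;
  }
}
```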
Min Wan answered Sep 27 '22 20:09
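The question also asks how to give the user a token for the app itself once the Facebook token has been checked. The following is an added example, not code from either answer or from the Endpoints project: an HMAC-signed bearer token that a custom Authenticator like the one above could verify from the Authorization header. The class name AppToken, the token layout, the key and the user id are assumptions, and it needs Java 8 or later for java.util.Base64.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

// Hypothetical helper (not an Endpoints API). Assumed token layout:
//   base64url(userId + "|" + expiryEpochSeconds) + "." + base64url(HMAC-SHA256 over the first part)
public final class AppToken {
  private static final Base64.Encoder ENC = Base64.getUrlEncoder().withoutPadding();
  private static final Base64.Decoder DEC = Base64.getUrlDecoder();
  private final byte[] key;  // server-side secret; never shipped to the mobile client

  public AppToken(byte[] key) { this.key = key.clone(); }

  private byte[] mac(String payload) throws Exception {
    Mac m = Mac.getInstance("HmacSHA256");
    m.init(new SecretKeySpec(key, "HmacSHA256"));
    return m.doFinal(payload.getBytes(StandardCharsets.US_ASCII));
  }

  // Call once, after the Facebook token has been validated with Facebook.
  public String issue(String userId, long nowSeconds, long ttlSeconds) throws Exception {
    String payload = ENC.encodeToString(
        (userId + "|" + (nowSeconds + ttlSeconds)).getBytes(StandardCharsets.UTF_8));
    return payload + "." + ENC.encodeToString(mac(payload));
  }

  // Returns the user id, or null if the header is missing, malformed, forged or expired.
  // The signature is compared in constant time before the payload is parsed.
  public String verify(String authorizationHeader, long nowSeconds) {
    if (authorizationHeader == null || !authorizationHeader.startsWith("Bearer ")) return null;
    String[] parts = authorizationHeader.substring(7).split("\\.");
    if (parts.length != 2) return null;
    try {
      if (!MessageDigest.isEqual(mac(parts[0]), DEC.decode(parts[1]))) return null;
      String claims = new String(DEC.decode(parts[0]), StandardCharsets.UTF_8);
      int sep = claims.lastIndexOf('|');
      if (sep < 0 || Long.parseLong(claims.substring(sep + 1)) <= nowSeconds) return null;
      return claims.substring(0, sep);
    } catch (Exception e) {
      return null;  // bad base64, bad number, crypto failure: treat as unauthenticated
    }
  }

  public static void main(String[] args) throws Exception {
    AppToken t = new AppToken("constructed-demo-key-not-for-real-use".getBytes(StandardCharsets.UTF_8));
    String header = "Bearer " + t.issue("fb:1234", 1000, 3600);  // constructed user id
    System.out.println(t.verify(header, 2000));        // fresh token
    System.out.println(t.verify(header + "x", 2000));  // tampered signature
    System.out.println(t.verify(header, 5000));        // past expiry
  }
}
```

Inside an Authenticator, verify would take the place of the authenticateFacebook placeholder on every request after the first sign-in; the key should come from server-side configuration rather than source code.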


When I try your example I always get a java.lang.NullPointerException: authDomain must be specified. But I cannot set an authDomain on the User object. Any ideas?

UPDATE: This is connected to this bug in version 1.9.22: https://code.google.com/p/googleappengine/issues/detail?id=12060&q=endpoints&colspec=ID%20Type%20Component%20Status%20Stars%20Summary%20Language%20Priority%20Owner%20Log

flosk8 answered Sep 27 '22 20:09