How to add authentication to google cloud endpoints?

4
votes

Starting with the Google Cloud Endpoint, tic tac toe example (see https://github.com/GoogleCloudPlatform/appengine-endpoints-tictactoe-java)

Then, create an "AppEngine Connected Android Project" via Ellipse in the latest Android Ellipse plugin (see https://developers.google.com/eclipse/docs/endpoints-androidconnected-gae)

Now this creates endpoints with no authentication. 

// @Api(name = "messageEndpoint")
//NO AUTHENTICATION; OPEN ENDPOINT!

Now try to add authentication using the tic tac toe application as an example.

@Api(name = "messageEndpoint",
version = "v1",
clientIds = {Ids.WEB_CLIENT_ID, Ids.ANDROID_CLIENT_ID, Ids.IOS_CLIENT_ID, com.google.api.server.spi.Constant.API_EXPLORER_CLIENT_ID},
audiences = {Ids.ANDROID_AUDIENCE}

)

In case of oauth exception add this:

//public void sendMessage(@Named("message") String message)
  //throws IOException {

public void sendMessage(@Named("message") String message)
  throws OAuthRequestException,IOException {

And test using the api explorer, https://[your-app-id].appspot.com/_ah/api/explorer, I replaced [your-app-id] with my specific application id.

POST https://[your-app-id].appspot.com/_ah/api/messageEndpoint/v1/sendMessage/test
X-JavaScript-User-Agent:  Google APIs Explorer

503 Service Unavailable


cache-control:  private, max-age=0
content-encoding:  gzip
content-length:  193
content-type:  application/json; charset=UTF-8
date:  Mon, 01 Apr 2013 22:57:17 GMT
expires:  Mon, 01 Apr 2013 22:57:17 GMT
server:  GSE

{
 "error": {
  "errors": [
   {
    "domain": "global",
    "reason": "backendError",
    "message": "java.lang.NoClassDefFoundError: Could not initialize class com.brooklynmarathon.citysync.endpoints.EMF"
   }
  ],
  "code": 503,
  "message": "java.lang.NoClassDefFoundError: Could not initialize class com.brooklynmarathon.citysync.endpoints.EMF"
 }
}

I tried the explorer with the tic tac toe application that I downloaded (Thanks Google Dev Rel) and built and uploaded here: https://brooklynmarathon.appspot.com/_ah/api/explorer

When I try to access the score list, I see:

GET https://brooklynmarathon.appspot.com/_ah/api/tictactoe/v1/score

X-JavaScript-User-Agent:  Google APIs Explorer


Response


401 Unauthorized

- Hide headers -

cache-control:  private, max-age=0
content-encoding:  gzip
content-length:  193
content-type:  application/json; charset=UTF-8
date:  Tue, 02 Apr 2013 01:14:40 GMT
expires:  Tue, 02 Apr 2013 01:14:40 GMT
server:  GSE
www-authenticate:  GoogleLogin realm="https://www.google.com/accounts/ClientLogin", service="xapi"

{
 "error": {
  "errors": [
   {
    "domain": "global",
    "reason": "required",
    "message": "com.google.appengine.api.oauth.OAuthRequestException: Invalid user.",
    "locationType": "header",
    "location": "Authorization"
   }
  ],
  "code": 401,
  "message": "com.google.appengine.api.oauth.OAuthRequestException: Invalid user."
 }
}

My question is why does the tic tac toe example have the header: "www-authenticate: GoogleLogin realm="https://www.google.com/accounts/ClientLogin", service="xapi" and

In general, how do we add authentication to the "App Engine Connected Android Project" generated endpoints?

From web applications, android clients or iOS clients and can we test it from the api explorer?

1
javaandroidgoogle-app-enginegoogle-oauthgoogle-cloud-endpoints
What values are you using for Ids.*_CLIENT_ID? - Drux
+Drux Thanks for asking, but I moved on and used a python solution that works, so no need to answer this. - Ralph Yozzo

1 Answers

2
votes

"In general, how do we add authentication to the "App Engine Connected Android Project" generated endpoints?"

The instructions for doing that are here:
https://developers.google.com/appengine/docs/java/endpoints/consume_android#making-authenticated-calls

You will also see the instructions for iOS and Javascript there (on subsequent pages).

On the Server side you need to add the User object as the first parameter of your endpoint methods.

I don't know the answer to your other questions.