Google App Engine Cloud Endpoints OAuth 2.0 Scopes

3
votes

I'm trying to follow the following guide: https://developers.google.com/appengine/docs/java/endpoints/auth

I've followed the steps and added the client id and the User parameter which when null I throw an OAuthRequestException exception.

When I deploy to Google and access the API using the API Explorer I get the expected unauthorised exception when accessing the API without OAuth. Great everything works so far!

It suggests to switch the OAuth 2.0 toggle. I do this and I get a message saying:

* API does not declare any scopes. You can manually add scopes using the box below

the message also directs me to: http://code.google.com/apis/accounts/docs/OAuth2.html to learn more about Scopes.

But there is very limited information about scopes on that suggested page. I'm new to OAuth and despite searching Google and StackOverflow I'm not sure what a scope is? How do I declare on in the API? When I manually add something to the API explorer prompt I get an error message saying it is an invalid_scope. So what is a valid scope?

3
javagoogle-app-enginegoogle-cloud-endpoints

3 Answers

5
votes

For authentication to work with cloud endpoints you will need to request this scope: 

https://www.googleapis.com/auth/userinfo.email

The cloud endpoints library needs the user's email address to create a User entity from it.

See https://developers.google.com/appengine/docs/java/endpoints/consume_js#adding-oath-authentication for reference.

1
votes

While @Scarygami's answer could be correct in 2013, now you should use this scope:

https://www.googleapis.com/auth/plus.profile.emails.read

You can find warning about old email scope:

Warning: This scope is deprecated. Google will no longer support this scope after Sept. 1, 2014. For details, see Migrating to Google+ Sign-In.

More about scopes: https://developers.google.com/+/api/oauth

EDIT:

Looks like something has changed in the matter of supporting old email scope. Here's the actual statement.

Note: This scope is deprecated; however, it will be maintained and kept available for backward compatibility. For an explanation about this change, see Migrating to Google+ Sign-In.