8
votes

We have an HTML5 client accessing a Google Cloud Endpoints backend. We want to offer users a reasonable range of sign-in methods, e.g.: sign-in with an existing OpenID, or alternatively sign-up with an email and password. These seem like basic requirements to us! If there is a better alternative that does not restrict our audience, then we'd consider it.

We're encountering two problems: (1) it seems the Endpoints service will only authenticate Google accounts, and (2) we don't know how to support "sign-up with email and password" together with Endpoints.

Edited: We found that our requirements can work together with Endpoints, but we did not find any Python examples to help, or to support an OpenID provider. We created our own "email/password" authentication option and enable it in parallel with Google OAuth. Overall the documentation on authentication when using Cloud Endpoints is minimal. Documentation and examples are stronger for the newer "Mobile Backend" project.

1
What makes you say "will only authenticate G+ accounts"? That's not my experience. - pinoyyid
The behavior you described is mostly correct. Endpoints provides built-in authentication support for any Google account (the account doesn't have to have G+ enabled). I don't believe the built-in authentication will work with other providers (including your own email/password). An option is to disable authentication in Endpoints, and then do your own in your app (using interfaces provided by each of the major IDPs). - aeijdenberg
@pinoyyid I was misinformed about G+, any Google account is supported. - user3011479
@aeijdenberg thank you, as you said, built-in authentication doesn't support any other providers. I was looking for examples and guidance on how to use built-in Google authentication and also support our own ID scheme. No guidance was found. - user3011479
@user3011479 we also have a Cloud Endpoints API with Python. Can you please explain to me how you implemented the username/password login in Endpoints? I don't find a document when googling around ;) maybe I'm googling the wrong question. Thanks for your help. - Kay Schneider

1 Answer

2
votes

You are right: at this point you can build an oAuth provider using the lib provided in App Engine, but that requires your users to have a Google account. So to protect my API I had to build my own custom oAuth2 provider. I did this by using the python oAuthLib library (oAuthLib). They have an awesome doc that will guide you through. I also made a rough document on how I made it App Engine specific. If interested, please take a look at the link Blog page

I hope this helps.
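
The thread asks how an email/password option can sit next to the built-in Google sign-in. The sketch below is an added example, not code from the question or the answer: it uses only the Python 3 standard library, and every name in it (`USERS`, `sign_up`, `sign_in`, `verify_token`, `current_user`) is hypothetical. It assumes the API method receives whatever identity the built-in Google authentication produced (or nothing) plus the raw `Authorization` header.

```python
import base64, hashlib, hmac, json, os, time

SECRET = os.urandom(32)   # assumption: per-deployment signing key, kept server-side
USERS = {}                # assumption: stand-in for a datastore, email -> (salt, hash)
ITERATIONS = 600_000      # PBKDF2 work factor

def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def sign_up(email, password):
    """Store only a salted, slow hash of the password, never the password."""
    if email in USERS:
        return False
    salt = os.urandom(16)
    USERS[email] = (salt, _hash(password, salt))
    return True

def _mac(body):
    return base64.urlsafe_b64encode(hmac.new(SECRET, body, hashlib.sha256).digest())

def sign_in(email, password, ttl=3600, now=None):
    """Return a signed bearer token, or None on bad credentials."""
    salt, stored = USERS.get(email, (b"\0" * 16, b""))
    # Hash even for unknown users so timing does not reveal which emails exist.
    if not hmac.compare_digest(_hash(password, salt), stored):
        return None
    now = time.time() if now is None else now
    claims = {"sub": email, "exp": int(now + ttl)}
    body = base64.urlsafe_b64encode(json.dumps(claims).encode())
    return (body + b"." + _mac(body)).decode()

def verify_token(token, now=None):
    """Return the token's email, or None if malformed, forged or expired."""
    try:
        body, mac = token.encode().split(b".")
        if not hmac.compare_digest(mac, _mac(body)):
            return None
        claims = json.loads(base64.urlsafe_b64decode(body))
    except (ValueError, AttributeError):
        return None
    now = time.time() if now is None else now
    return claims["sub"] if claims["exp"] > now else None

def current_user(google_user_email, authorization_header):
    """Accept either identity: the built-in Google user, else our own token."""
    if google_user_email:
        return google_user_email
    if authorization_header and authorization_header.startswith("Bearer "):
        return verify_token(authorization_header[len("Bearer "):])
    return None
```

Each protected API method would call `current_user` first and reject the request when it returns `None`; the token travels in the `Authorization: Bearer ...` header over HTTPS.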