What is the difference between UnauthorizedException vs OAuthRequestException in Cloud Endpoints?

3
votes

In Cloud Endpoints, I understand that when doing OAuth I need to check if user == null to determine if a user has authenticated. In the case that the user is null I should throw an exception. In sample Google Cloud Endpoints code snippets I have seen two different exceptions being used though.

The OAuth documentation for cloud endpoints says to throw OAuthRequestException. However, I have seen other code bases (including a Udacity Course) throw UnauthorizedException.

I've noticed that OAuthRequestException does not extends from com.google.api.server.spi.ServiceException so Im thinking UnauthorizedException is the correct choice?

Which one should I use?

1
javagoogle-app-enginegoogle-cloud-endpoints

1 Answers

0
votes

I would stick to UnauthorizedException' since it extends from theServiceException` class. As per the documentation at https://developers.google.com/appengine/docs/java/endpoints/exceptions and from API Best Practices, it is advisable to map the exceptions in a manner such that the correct HTTP Status Code is thrown.

So, in the case of the UnauthorizedException , HTTP 401 is thrown.

This is what I usually do in my code and I believe (and which you can try!) that you will see a standard catch all HTTP Error Code being thrown back in case you throw exceptions like OAuthRequestException that do not extend ServiceException (HTTP 503 or HTTP 500)