I have a web application that is written on Python / Google Appengine / WebApp2 framework. The web application has native (custom) authentication. The userid / password is managed by the application (and it does not use Google Accounts).
The web application needs to be extended to Mobile clients as well. So I am developing a native Android Client application and trying to integrate with Google Appengine.
For authentication from the Android Client to the Google app engine, I am trying to keep it very simple by using Google Cloud Endpoints. Can you please suggest if my approach below is correct ?
- Generate a white list of client IDs using the Google app engine console (for Android, Web and eventually IOS).
- Create a Google Cloud Endpoint backend Api (in Python) with the white list of clients(Web, android and IOS) as suggested here – https://cloud.google.com/appengine/docs/python/endpoints/getstarted/backend/
- Create a backend library.
- Import the library to the Android Client
My expectation after the above are as follows –
- End users using the Google Cloud Endpoints Api (from Android Client) will authenticate the android client with Google App engine.
- As part of this secure authentication of the Client-GAE, I can then pass the user login-id as a parameter of the API calls and get data / post data for that particular userid.
- I am storing the userid (not the password) for the end-user using local storage in the mobile client.
Can you please suggest if my approach above is correct? I purposefully would like to avoid using Google Accounts based authentication from Android Client to the GAE.
