0
votes

I have deployed my Cloud Endpoints on App Engine using Java. Now I need to restrict access to these APIs to only those web clients who are logged in to my web application using an OpenID.

I will create my own identity provider and I want to access GAE cloud endpoints using this identity of user.

So, I need a mechanism to issue a token, and then I need my GAE cloud endpoint to verify that token and only then provide the API service to that client.

So far I have created Cloud Endpoints, and they are accessible publicly, which is the issue.

To summarize, I have the following questions:

  1. Can I restrict access to my GAE cloud endpoints to only a few web clients who will be accessing these APIs using a client side web application?

  2. If yes, how will I provide surety to my endpoints that the request is coming from a valid user of the web application that I have developed using my own identity provider?

1 Answer

0
votes
You can generate client IDs for web, Android and iOS applications, and to allow API access to only genuine users you can use the `User` class object of `com.google.appengine.api.users` as a parameter to your API method and then check it for a null value; if it is null, it is not a valid user.

Or you can use the `@ApiMethod` annotation of App Engine and provide the `clientIds` parameter with the client IDs of the genuine applications.
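
The two checks this answer describes, combined in one Endpoints class, as an added example that is not the answerer's code. The API name `notes`, the `Greeting` type and the client ID placeholder are assumptions made for illustration.

```java
import com.google.api.server.spi.config.Api;
import com.google.api.server.spi.config.ApiMethod;
import com.google.api.server.spi.response.UnauthorizedException;
import com.google.appengine.api.users.User;

@Api(
    name = "notes",   // hypothetical API name
    version = "v1",
    // Only OAuth 2.0 tokens issued to these client IDs are accepted.
    clientIds = {NotesApi.WEB_CLIENT_ID}
)
public class NotesApi {

    // Placeholder: replace with the web client ID generated for your application.
    static final String WEB_CLIENT_ID = "YOUR_WEB_CLIENT_ID.apps.googleusercontent.com";

    // Hypothetical response type; Endpoints serializes its getters to JSON.
    public static class Greeting {
        private final String message;

        Greeting(String message) {
            this.message = message;
        }

        public String getMessage() {
            return message;
        }
    }

    // Declaring a User parameter makes the framework inject the authenticated
    // caller, or null when the request carries no valid token from an allowed client.
    @ApiMethod(name = "greet", path = "greet", httpMethod = ApiMethod.HttpMethod.GET)
    public Greeting greet(User user) throws UnauthorizedException {
        if (user == null) {
            // Returned to the client as HTTP 401.
            throw new UnauthorizedException("Sign-in required");
        }
        return new Greeting("Hello, " + user.getEmail());
    }
}
```

The injected `User` is populated from a Google-issued OAuth 2.0 token, so this covers callers signed in with a Google account. Tokens issued by a self-hosted identity provider are not validated by this check and need their own verification step.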