Using appengine and google identity platform as a mobile app backend

0
votes

I'm sending SOS message in a bottle here but who knows...

So I'd like to use an AppEngine application as the backend for a mobile app (available on ios and android, but no browser-based app so far).

I'd like to support anonymous users as well as users signed in with different provider (Google, Facebook and the traditional username/password).

So Google Identity Toolkit seems like the way to go... I managed to get the identity toolkit demo running on ios (shame on you Google for not providing a Swift Framework...), yet I still don't get how it fit in an AppEngine application:

  • on the appengine side how do I check whether a request come from a signed-in user or from an anonymous one ?

  • The AppEngine OAuth service documentation mentions the OAuth2 'Authentication: Bearer' token but the Google Identity Toolkit return an 'Google Identity ID token' if I'm correct. Plus, which API provides the OAuthService thing mentioned in the doc ? Any maven repository info is welcome...

  • if Google Identity Toolkit is not the way to go, meaning I have to build a custom solution, should I use the authorization code flow with the oauth client being my mobile app ? Should I build a custom session implementation ?

Thanks a lot for any help

Brieuc

1
google-app-engineoauth-2.0google-identity-toolkit
Identity toolkit and oauth2 are two diferent ways. dont mix them. - Zig Mandel
I think I make the distinction. All I want is to identify requests coming from users authenticated through various providers (using any incarnation of oauth) as well as being able to pull profile info for those users. Google Identity toolkit seems the solution for that but the irony is I have no clue how to do it with an app engine backend... - applequist
using identity toolkit is the same regardless of what you use on the backend, appengine or not. follow the examples and post a specific issue with them. - Zig Mandel
Ok maybe I stated my question wrong. AppEngine has a service to identity users that only works with Google accounts or accounts from a Google app domain (see cloud.google.com/appengine/docs/java/users). What I would like is to implement the same thing but for users logged in using either their Google account or a Facebook account. I though Google Identity Toolkit would be a good starting point but I miss the link with AppEngine... - applequist
the user service is something else. - Zig Mandel

1 Answers

0
votes

Here is the python version of what I think you're wanting

  • Client received the auth_token from provider
  • Client sends it to your app-engine backend
  • App engine uses token to get user profile from provider
  • Creates user account
  • Generates private bearer token & returns it to client
  • Client ads this token to http auth header for all api requests
  • Backend uses this private token to identify & load user.

If I have any of this wrong, please clarify here because I'm trying to understand this as well.