Skip to content
/ appengine-endpoints-auth-example Public

An example Google AppEngine Cloud Endpoints project using third-party authentication

License

View license
39 stars 3 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

loudnate/appengine-endpoints-auth-example

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

6 Commits
auth
auth
 
 
ext
ext
 
 
.gitignore
.gitignore
 
 
.gitmodules
.gitmodules
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
app.yaml
app.yaml
 
 
helloworld_api.py
helloworld_api.py
 
 
main.py
main.py
 
 

Repository files navigation

An example Google AppEngine project using Cloud Endpoints and custom authentication.

The supported workflow:

  • A mobile client authenticates via a third-party provider using a native SDK flow, in this case with Facebook.
  • The Facebook access token is sent to the AppEngine app, who verifies and returns its own access token in response, creating a new User entity if necessary.
  • The client includes that token in each endpoints service request using in the Authorization header.
  • The endpoints method uses the access token to retrieve the authenticated user.

This is intentionally a narrow use case, but should help inspire ideas on different approaches as well.

Dependencies

  1. webapp2 is used for the access token exchange handler
  2. webapp2_extras.appengine provides a custom User model
  3. simpleauth is included a submodule and is used to verify provider access tokens

Usage

  1. Check out the project and submodules
git clone [email protected]:loudnate/appengine-endpoints-auth-example.git
git submodule update
  1. Generate a client application for your endpoints
  2. Include the Facebook SDK and implement a login flow
  3. Exchange the Facebook access token for one provided by your app
POST /oauth2/access_token HTTP/1.1
Host: https://your-app-id.appspot.com
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded

x_access_token=facebook-access-token&x_provider=facebook
{
  "token_type": "Bearer",
  "refresh_token": "6oqmYZSaQ72nZfEYlD5PZF",
  "access_token": "nc7Omfm4vgP0swqodJyDeN",
  "expires_in": 31536000
}
AFHTTPRequestOperationManager *manager = [AFHTTPRequestOperationManager manager];
NSDictionary *parameters = @{@"x_access_token": @"facebook-access-token", @"x_provider": @"facebook"};

manager.responseSerializer = [AFJSONResponseSerializer serializer];
[manager POST:@"https://your-app-id.appspot.com/oauth2/access_token" 
   parameters:parameters 
      success:^(AFHTTPRequestOperation *operation, id responseObject) {
  // ...
} failure:^(AFHTTPRequestOperation *operation, NSError *error) {
  // ...
}];
  1. Store the credentials somewhere appropriate and send them with each endpoints service request
GTLServiceHelloworld *service = [[GTLServiceHelloworld alloc] init];
NSString *authHeaderValue = [NSString stringWithFormat:@"%@ %@", responseObject[@"token_type"], responseObject[@"access_token"]];

service.additionalHTTPHeaders = @{@"Authorization": authHeaderValue};

About

An example Google AppEngine Cloud Endpoints project using third-party authentication

Resources

Readme

License

View license
Activity

Stars

39 stars

Watchers

5 watching

Forks

3 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages