Android客户端-使用Google Cloud Endpoints的Google App引擎身份验证
[英]Android Client - Google App engine authentication using Google Cloud Endpoints
问题描述
I have a web application that is written on Python / Google Appengine / WebApp2 framework. 
我有一个使用Python / Google Appengine / WebApp2框架编写的Web应用程序。 The web application has native (custom) authentication. Web应用程序具有本机(自定义)身份验证。 The userid / password is managed by the application (and it does not use Google Accounts). 用户名/密码由应用程序管理(它不使用Google帐户)。
The web application needs to be extended to Mobile clients as well. Web应用程序也需要扩展到移动客户端。 So I am developing a native Android Client application and trying to integrate with Google Appengine. 因此,我正在开发本机Android客户端应用程序,并尝试与Google Appengine集成。
For authentication from the Android Client to the Google app engine, I am trying to keep it very simple by using Google Cloud Endpoints. 对于从Android客户端到Google应用程序引擎的身份验证,我尝试通过使用Google Cloud Endpoints使其非常简单。 Can you please suggest if my approach below is correct ? 您能否提出以下我的方法是否正确?
- Generate a white list of client IDs using the Google app engine console (for Android, Web and eventually IOS). 使用Google App Engine控制台(适用于Android,Web和最终的IOS)生成客户端ID白名单。
- Create a Google Cloud Endpoint backend Api (in Python) with the white list of clients(Web, android and IOS) as suggested here – https://cloud.google.com/appengine/docs/python/endpoints/getstarted/backend/ 根据此处的建议,使用客户端白名单(Web,Android和IOS)创建Google Cloud Endpoint后端Api(使用Python)– https://cloud.google.com/appengine/docs/python/endpoints/getstarted/backend/
- Create a backend library. 创建一个后端库。
- Import the library to the Android Client 将库导入到Android客户端
My expectation after the above are as follows – 我对上述情况的期望如下:
- End users using the Google Cloud Endpoints Api (from Android Client) will authenticate the android client with Google App engine. 使用Google Cloud Endpoints Api(来自Android客户端)的最终用户将使用Google App引擎对android客户端进行身份验证。
- As part of this secure authentication of the Client-GAE, I can then pass the user login-id as a parameter of the API calls and get data / post data for that particular userid. 作为Client-GAE的此安全身份验证的一部分,我然后可以将用户登录ID作为API调用的参数传递,并获取该特定用户ID的数据/发布数据。
- I am storing the userid (not the password) for the end-user using local storage in the mobile client. 我正在使用移动客户端中的本地存储来存储最终用户的用户ID(而不是密码)。
Can you please suggest if my approach above is correct? 请问我上面的方法是否正确? I purposefully would like to avoid using Google Accounts based authentication from Android Client to the GAE. 我有意避免从Android客户端到GAE使用基于Google帐户的身份验证。
1 个解决方案
解决方案1
0 2015-05-02 08:07:00
In order to get an App Engine user instance injected into your API method by Google Cloud Endpoints, you do need to be using a Google account in the Android app. 为了让Google Cloud Endpoints将App Engine用户实例注入到您的API方法中,您确实需要在Android应用程序中使用Google帐户。 The service builder in your Android code takes a GoogleAccountCredential. Android代码中的服务构建器采用GoogleAccountCredential。
You can still support your own userid and password, but you can't leverage the user injection if you do. 您仍然可以支持自己的用户名和密码,但是不能使用用户注入。
[EDIT] [编辑]
If you're not going to use Google Accounts in the Android app, forget the SHA1 and API key. 如果您不打算在Android应用程序中使用Google帐户,请忘记SHA1和API密钥。 You're going to have to roll your own auth. 您将必须进行自己的身份验证。 It's up to you how you do this, but you might start your session with an API call that takes a username and password and returns a token. 这取决于您的操作方式,但是您可以通过使用用户名和密码并返回令牌的API调用开始会话。 All other API calls might take that token and check it for validity before returning a result, for example. 例如,所有其他API调用都可能使用该令牌并在返回结果之前检查其有效性。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.