[英]Android Client - Google App engine authentication using Google Cloud Endpoints
I have a web application that is written on Python / Google Appengine / WebApp2 framework. 我有一个使用Python / Google Appengine / WebApp2框架编写的Web应用程序。 The web application has native (custom) authentication.
Web应用程序具有本机(自定义)身份验证。 The userid / password is managed by the application (and it does not use Google Accounts).
用户名/密码由应用程序管理(它不使用Google帐户)。
The web application needs to be extended to Mobile clients as well. Web应用程序也需要扩展到移动客户端。 So I am developing a native Android Client application and trying to integrate with Google Appengine.
因此,我正在开发本机Android客户端应用程序,并尝试与Google Appengine集成。
For authentication from the Android Client to the Google app engine, I am trying to keep it very simple by using Google Cloud Endpoints. 对于从Android客户端到Google应用程序引擎的身份验证,我尝试通过使用Google Cloud Endpoints使其非常简单。 Can you please suggest if my approach below is correct ?
您能否提出以下我的方法是否正确?
My expectation after the above are as follows – 我对上述情况的期望如下:
Can you please suggest if my approach above is correct? 请问我上面的方法是否正确? I purposefully would like to avoid using Google Accounts based authentication from Android Client to the GAE.
我有意避免从Android客户端到GAE使用基于Google帐户的身份验证。
In order to get an App Engine user instance injected into your API method by Google Cloud Endpoints, you do need to be using a Google account in the Android app. 为了让Google Cloud Endpoints将App Engine用户实例注入到您的API方法中,您确实需要在Android应用程序中使用Google帐户。 The service builder in your Android code takes a GoogleAccountCredential.
Android代码中的服务构建器采用GoogleAccountCredential。
You can still support your own userid and password, but you can't leverage the user injection if you do. 您仍然可以支持自己的用户名和密码,但是不能使用用户注入。
[EDIT] [编辑]
If you're not going to use Google Accounts in the Android app, forget the SHA1 and API key. 如果您不打算在Android应用程序中使用Google帐户,请忘记SHA1和API密钥。 You're going to have to roll your own auth.
您将必须进行自己的身份验证。 It's up to you how you do this, but you might start your session with an API call that takes a username and password and returns a token.
这取决于您的操作方式,但是您可以通过使用用户名和密码并返回令牌的API调用开始会话。 All other API calls might take that token and check it for validity before returning a result, for example.
例如,所有其他API调用都可能使用该令牌并在返回结果之前检查其有效性。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.