仅限访问我的Android应用程序的端点
[英]Limit access to my endpoints to my Android app only
问题描述
I'm new to the Google App Engine, and I'm trying to make my first engine and connect it to my Android app. 
我是Google App Engine的新手,我正在尝试制作我的第一个引擎并将其连接到我的Android应用。 I have walked through this tutorial in order to learn about it: 我已经浏览了本教程以了解它:
https://cloud.google.com/endpoints/docs/frameworks/legacy/v1/java/helloendpoints-android-studio https://cloud.google.com/endpoints/docs/frameworks/legacy/v1/java/helloendpoints-android-studio
I got it to work fine. 我把它弄好了。 I can access my app engine from my android app, and get the wanted response. 我可以从我的Android应用程序访问我的应用程序引擎,并得到想要的响应。 The problem is, I want to restrict the endpoints of my API to my app's users only. 问题是,我想将我的API的端点限制为我的应用程序的用户。
This is my API method (from the tutorial), and as for now, everyone can access my api's explorer and execute methods in it, as long as they are logged in to any Google account. 这是我的API方法(来自教程),并且就目前而言,每个人都可以访问我的api的资源管理器并在其中执行方法,只要他们登录到任何Google帐户即可。
I want the users to be able to execute this method from my app only. 我希望用户只能从我的应用程序执行此方法。
This is my app engine java file: 这是我的app引擎java文件:
package com.example.Barda.myapplication.backend;
import com.google.api.server.spi.config.Api;
import com.google.api.server.spi.config.ApiMethod;
import com.google.api.server.spi.config.ApiNamespace;
import com.google.api.server.spi.response.UnauthorizedException;
import com.google.appengine.api.users.User;
import javax.inject.Named;
/**
* An endpoint class we are exposing
*/
@Api(
name = "myApi",
version = "v1",
clientIds = {Constants.ANDROID_CLIENT_ID},
audiences="firebase-wiki-race.appspot.com",
namespace = @ApiNamespace(
ownerDomain = "backend.myapplication.Barda.example.com",
ownerName = "backend.myapplication.Barda.example.com",
packagePath = ""
)
)
public class MyEndpoint {
/**
* A simple endpoint method that takes a name and says Hi back
*/
@ApiMethod(name = "sayHi")
public MyBean sayHi(@Named("name") String name) throws UnauthorizedException {
// if (user == null) throw new UnauthorizedException("User is Not Valid");
MyBean response = new MyBean();
response.setData("Hi, " + name);
return response;
}
}
This is constants class: 这是常量类:
package com.example.Barda.myapplication.backend;
/**
* Contains the client IDs and scopes for allowed clients consuming your API.
*/
public class Constants {
public static final String ANDROID_CLIENT_ID = "*********************.apps.googleusercontent.com";
}
I have generated using my app's SH-1 and package name the ANDROID_CLIENT_ID . 我使用我的应用程序的SH-1和包名称生成了ANDROID_CLIENT_ID 。
I have searched online a lot, and read blogs and threads, but I couldn't make it work. 我在网上搜索了很多,并阅读了博客和主题,但我无法使其发挥作用。 Is this a possible thing to do? 这可能是一件事吗? What am I doing wrong? 我究竟做错了什么?
1 个解决方案
解决方案1
0 已采纳 2017-06-01 21:00:29
You'll want to follow the documentation's guide on adding authorization to the API backend . 您需要遵循有关向API后端添加授权的文档指南。 In this process you define a list of clients that are authorized to use your Endpoint. 在此过程中,您将定义有权使用您的Endpoint的客户端列表。
Once that's done you can follow the guide on making authenticated calls from Android. 完成后,您可以按照指南从Android 进行经过身份验证的调用 。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.