
UserService, OAuth, and AJAX in App Engine

I'm running a webapp that checks if a user is logged in with UserService, then shows them their homepage if they are, or redirects them to a login screen if not. Once on the page, I would like to be able to update specific portions using AJAX when they click certain elements. Now, I have already written a REST API in the same GAE project using Cloud Endpoints that gets all the information I want, and so in the spirit of DRY I would rather use my own API than write new servlets to handle these requests.

The problem is that I need to generate an OAuth token in order to access the API. I can easily do this from the Google API JavaScript Client Library, but then my user needs to re-authenticate for the REST API, which is not only bad from a UX perspective, but more importantly exposes my client ID in the page's JavaScript and passes a token through HTTP (non-SSL) headers.

The only option I see is to write a servlet for each request and have duplicate work. But conceptually, I'm already logged in to Google, so I should just be able to access the API. How does one usually go about this? Am I thinking about it all wrong?

UserService and OAuth are two different authentication (and authorisation) mechanisms and you cannot combine them.

If you do need OAuth to access some of the APIs, then also use server-side OAuth. This way you can access APIs and replace UserService all in one go.
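
An added example, not part of the original answer or the asker's project, of the server-side OAuth the answer recommends, assuming that means Google's OAuth 2.0 authorization-code flow: the servlet side builds the redirect, checks the `state` value on the callback, and exchanges the code over HTTPS, so the client secret and the token never appear in page JavaScript. The class and method names, the placeholder credentials and the redirect URI are hypothetical; Java 10 or later is assumed.

```java
import static java.nio.charset.StandardCharsets.UTF_8;
import java.net.URLEncoder;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;

public class ServerSideOAuth {
    // Google's OAuth 2.0 endpoints; the three values below them are placeholders (assumptions).
    static final String AUTH_URL = "https://accounts.google.com/o/oauth2/v2/auth";
    static final String TOKEN_URL = "https://oauth2.googleapis.com/token";
    static final String CLIENT_ID = "CLIENT_ID_PLACEHOLDER";
    static final String CLIENT_SECRET = "CLIENT_SECRET_PLACEHOLDER"; // server-side config only
    static final String REDIRECT_URI = "https://example.invalid/oauth2callback";
    // Form-encode alternating key/value arguments.
    static String form(String... kv) {
        StringBuilder sb = new StringBuilder();
        for (int i = 0; i < kv.length; i += 2) {
            if (i > 0) sb.append('&');
            sb.append(URLEncoder.encode(kv[i], UTF_8)).append('=').append(URLEncoder.encode(kv[i + 1], UTF_8));
        }
        return sb.toString();
    }
    // Login servlet: create a random state, keep it in the HTTP session, redirect to authorizationUrl.
    static String newState() {
        byte[] b = new byte[32];
        new SecureRandom().nextBytes(b);
        return Base64.getUrlEncoder().withoutPadding().encodeToString(b);
    }
    static String authorizationUrl(String state) {
        return AUTH_URL + "?" + form("response_type", "code", "client_id", CLIENT_ID,
                "redirect_uri", REDIRECT_URI, "scope", "openid email", "state", state);
    }
    // Callback servlet: reject a missing or mismatched state before using the code.
    static boolean stateMatches(String fromSession, String fromCallback) {
        if (fromSession == null || fromCallback == null) return false;
        return MessageDigest.isEqual(fromSession.getBytes(UTF_8), fromCallback.getBytes(UTF_8));
    }
    // Body the server POSTs to TOKEN_URL over HTTPS; the token in the reply stays in the session.
    static String tokenRequestBody(String code) {
        return form("grant_type", "authorization_code", "code", code, "client_id", CLIENT_ID,
                "client_secret", CLIENT_SECRET, "redirect_uri", REDIRECT_URI);
    }
    public static void main(String[] args) {
        String state = newState();
        System.out.println(authorizationUrl(state));
        System.out.println("own: " + stateMatches(state, state) + ", forged: " + stateMatches(state, "forged"));
        System.out.println("POST " + TOKEN_URL + " <- " + tokenRequestBody("SAMPLE_CODE"));
    }
}
```

The AJAX handlers can then authorize requests from the server session that holds the token, and the page itself only carries the session cookie.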
