Server-side redirect if not logged in

Question

I use Cloud Endpoints and do client-side oauth to access my backend. This works fine, except that it means I can only check whether the person hitting up my app URL is a user or not after the whole page and attached scripts have loaded and the oauth request has completed.

I'd like to enable server-side authentication so that I can use the same URL for my landing page and my app, and redirect the person to the app if she is a user or to the landing page if she isn't.

The problem is that the User Tutorial uses the UserService for authentication whereas Cloud Endpoints uses the OAuth Service . I can't figure out how to use OAuth in my redirect filter because all the links from the OAuth section linked to above are for OAuth 1 and are deprecated .

How can I check in my redirect filter whether the person visiting is a user or not and simultaneously get a token that I can use to subsequently call my endpoints if she is a user?

I'm using the Google Api JS client to make calls to cloud endpoints, so the solution would optimally integrate with that, using gapi.auth.setToken(token) with the token retrieved and bypass the whole gapi.auth.authorize(params, callback) dance.

Answer 1

You can provide custom servlet implementaion for login flow where You will fetch oauth-token by providing new Flow and then validate that access token to grant authorization of protected resources.

Google provides good reference document here and You can use this sample code repo for reference.

Answer 2

You can use the user API for endpoints, no need to use OAuth if doesn't suit your needs. You only need to add an parameter of the type com.google.appengine.api.users.User to your endpoint. As stated here .

Eg:

 @ApiMethod(name = "scores.insert")
    public Score insert(Score score, User user) throws OAuthRequestException, IOException {
      //Check if user is null
      //Do your thing

    }