Google Cloud Endpoints custom Authentication

Question

I am quite new to google cloud endpoints and I would like know how to Use Auth with Endpoints, the tutorial here is good, but I don't understand this thing:

• It says, that I should add a user( com.google.appengine.api.users.User ) parameter to backend's methods for auth. If I want to use android as client part, I should provide GoogleAccountCredential object to make an authenticated call [ 2 ]. The GoogleAccountCredential is created this way

credential = GoogleAccountCredential.usingAudience(this,
"server:client_id:1-web-app.apps.googleusercontent.com");
credential.setSelectedAccountName(accountName);

The accountName is the name of a Google Account, so I assume, that everyone, who has the Google Account and is using my Google Cloud Endpoint application can create the GoogleAccountCredential object and make an authenticated call to backend.

But there are obviously many methods in my backend, which can be invoked only by some users of my app. (example: There is a method, which will give me a details about my friend, it's clear that this method can be called only by his friends.). Hence my question is: Is there any way to map the com.google.appengine.api.users.User to some my custom User entity, to be possible to check whether the User is really authorized to call the backend's method and not only to know that the method was called by a User with Google Account ? Should I write my custom Authenticator for this, if so, could you advise me how ?

Thank you!

Answer 1

You can set an Authenticator class which will handle the custom authentication. https://cloud.google.com/appengine/docs/java/endpoints/javadoc/com/google/api/server/spi/config/Authenticator you just need to set the authenticators param in the @ApiMethod and you can write your own authentication logic