
Cloud Endpoint Authentication audiences

I created an API in Python with the Google Cloud Endpoints Framework, and my Android client is the only application that has permission to talk to the API.

I followed Google's tutorials and guides on authentication; to protect the API, one can give access to specific client IDs:

import endpoints

# Placeholder client IDs (the real ones come from the Cloud Platform Console).
WEB_CLIENT_ID = 'myApiClientId.apps.googleusercontent.com'
ANDROID_CLIENT_ID = 'myAndroidClientId.apps.googleusercontent.com'
ANDROID_AUDIENCE = [ANDROID_CLIENT_ID]
ALLOWED_CLIENT_IDS = [WEB_CLIENT_ID, ANDROID_CLIENT_ID, endpoints.API_EXPLORER_CLIENT_ID]

api_collection = endpoints.api(name='myApi',
                               version='v1',
                               allowed_client_ids=ALLOWED_CLIENT_IDS,
                               audiences=ANDROID_AUDIENCE,
                               auth_level=endpoints.AUTH_LEVEL.REQUIRED
                               )

On this site they say that "audiences" should contain the client ID of the backend API:

For Android clients, this mechanism is the audiences argument, in which you specify the client ID of the backend API.

But on this site, they say that the "audiences" field should contain the Android client ID:

Replace ALLOWED_CLIENT_IDS with the list of OAuth 2 client IDs generated from each client's Google Cloud Platform Console project, and replace ANDROID_AUDIENCE with the list of Android web client IDs. The web client ID is the client ID with .apps.googleusercontent.com appended, for example: YOUR-CLIENT-ID.apps.googleusercontent.com.

What is the correct way to protect the API from unauthorized access? I don't need the "user" account on the backend side; I only want the Android client to be the only client that can access the API. My REST client can access the API too, even though the client IDs are specified and AUTH_LEVEL is set to REQUIRED.

It seems that ANDROID_AUDIENCE has to be the web client ID of the backend server. Also, I had to add a new "web client ID" for my Android application, but not of type "Android" but "Web application". This client ID has to be in the google-services.json together with the Android client ID, and in the ALLOWED_CLIENT_IDS array on the backend server.

And in every method I have to check for get_current_user(). I don't understand why this is necessary, but it only works this way.

I really have to say that the documentation, or rather the "guides", on Google's site could be a little bit better and more consistent.
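To show why the configuration in the answer works, here is an added illustration (not part of the original post and not the Endpoints framework's own code) of the claim checks a backend applies to a Google ID token: the token's aud must be in audiences (the backend's web client ID) and its azp, the app that obtained the token, must be in allowed_client_ids (the Android client ID). The token builder and all IDs are constructed for the demo, and signature verification against Google's public keys is assumed to happen before these checks.

```python
import base64
import json
import time

# Constructed sample values, not real client IDs.
WEB_CLIENT_ID = 'myApiClientId.apps.googleusercontent.com'
ANDROID_CLIENT_ID = 'myAndroidClientId.apps.googleusercontent.com'
AUDIENCES = [WEB_CLIENT_ID]                              # the token's "aud"
ALLOWED_CLIENT_IDS = [WEB_CLIENT_ID, ANDROID_CLIENT_ID]  # the token's "azp"
GOOGLE_ISSUERS = ('accounts.google.com', 'https://accounts.google.com')


def _b64url_encode(obj):
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).decode().rstrip('=')


def make_unsigned_token(claims):
    """Build a JWT-shaped string for the demo. Constructed input, not signed."""
    return _b64url_encode({'alg': 'none'}) + '.' + _b64url_encode(claims) + '.'


def decode_payload(id_token):
    """Return the payload claims of a JWT (signature is NOT checked here)."""
    payload = id_token.split('.')[1]
    payload += '=' * (-len(payload) % 4)  # restore padding stripped by base64url
    return json.loads(base64.urlsafe_b64decode(payload))


def check_claims(claims, audiences, allowed_client_ids, now=None):
    """Mirror the Endpoints audience/client-id checks. Returns (ok, reason)."""
    now = time.time() if now is None else now
    if claims.get('iss') not in GOOGLE_ISSUERS:
        return False, 'unexpected issuer'
    if claims.get('exp', 0) <= now:
        return False, 'token expired'
    # "aud" is the backend's WEB client ID, which is why audiences=[WEB_CLIENT_ID].
    if claims.get('aud') not in audiences:
        return False, 'aud is not the backend web client id'
    # "azp" is the app that obtained the token: the Android client ID.
    if claims.get('azp', claims.get('aud')) not in allowed_client_ids:
        return False, 'azp is not an allowed client id'
    return True, claims.get('email') or claims.get('sub')


def verify_id_token(id_token, now=None):
    """The checks a request must pass before get_current_user() returns a user."""
    return check_claims(decode_payload(id_token), AUDIENCES, ALLOWED_CLIENT_IDS, now)
```

A token whose aud is the Android client ID (the question's ANDROID_AUDIENCE setting) fails the aud check, which is why that configuration never admitted the Android app.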
