Our web application does not offer Google Accounts authentication. We have implemented our own authentication using WebApp2 Authentication: http://webapp-improved.appspot.com/tutorials/auth.html.
We'd like to use Cloud Endpoints as an API for mobile apps/third party developers but we would still like to use oAuth2 for authentication.
What are the steps required to implement this? Do we need to setup our own oAuth server on AppEngine and will the Google client libraries be compatible?
You don't have to do anything. I have a federated log-in app on app-engine where i recently added an Android app that uses Cloud Endpoints. You don't have to do anything special, just put a User parameter to your function. In the User object you will find the user email that you have to Authorize in order to access the data.
@Api(name = "my_api",
version = "v1",
scopes = {"https://www.googleapis.com/auth/userinfo.email"},
clientIds = {Constants.AUTH_CLIENT,
Constants.AUTH_CLIENT_APIEXPLORER})
public class MyEndpoint {
@ApiMethod(name = "fistEndpoint")
public ResponseObject fistEndpoint(User user) throws OAuthRequestException {
if (user == null) {
throw new OAuthRequestException("Access denied!");
}
String email = user.getEmail();
//Authorize the request here
//make the ResponseObject and return it
}
}
After you created the endpoint visit: https://your-app.appspot.com/_ah/api/explorer and test it
UPDATED: The example above is restricted to Google accounts. If you want a different type account you can check out this post: Custom Authentication for Google Cloud Endpoints (instead of OAuth2)
Google Cloud Endpoints are stateless so if you do not use Google authentification you cannot retrieve user email into the endpoint.
In fact, endpoints are just http request so you can pass what you info the http authorization like a bearer. You have a total access to this information info the endpoints.
I hope it will help you.
