I have a RESTful service running on GCP's App Engine which is secured by IAP. I'd like to invoke those methods from a web app but not sure how to set up authentication. The web app is written in TypeScript / Angular.
Any guidance/examples would be greatly appreciated!
You can use a service account or ID token, after configuring your API to support authentication. You can find plenty of details and examples on the "Authentication Between Services" documentation page.
Related
I am building a reservation system in Google App Engine using Go. I need 2 forms of authentication in my program.
Public Form -- form built in Angular that is on our public website. I want my front-end to have some sort of credentials.json file to use when requesting the book and getOpenDates endpoints in my RESTful API running in Go on Google App Engine.
Private Companion App -- protected by username and password that the user supplies in my app built in Flutter. The app is requesting many endpoints in App Engine. I would like to use JWT to authenticate this portion, but I'm not 100% sure JWT is what I need.
I'm not sure if this tutorial on Identity Platform is what I want. I'm very new to App Engine and authentication in general, so I am a bit lost.
Please describe how I could implement these authentication methods in my RESTful API in Go running on Google's App Engine. I think I may be able to implement the username/password method using a tutorial like this but I'm very lost on the 1st form of authentication with just a credentials file as authentication. If I'm going in the complete wrong direction to accomplish what I want please tell me, but what I'm looking for is code or a tutorial describing how to authenticate using these 2 methods. Thanks for any help.
From what I understand, you want to have a golang backend API in App Engine that serves both your web frontend (1.) and your users app (2.).
I am going to suppose that any user with username/password can use both your frontends: the web app and the mobile app with these credentials.
The credentials.jsons are not designed to authenticate users of your services, but rather server to server communication.
With that in mind, I have found the guide Session based authentication in golang, that could help you to set up your backend to accept only authenticated requests over HTTPS. The web browser will automatically save the cookie, however you need to store the cookie in your mobile app.
For much more complicated scenarios for authenticating from different webpages, it is required to use OAuth2 as you can see in this thread. If you don't find any of your requirements listed in here it is probably overkill to use Auth0 nor OAuth2.
I am developing a Mobile app (Ionic) with the backend in Google App Engine. This app needs to login using Google authentication and security interchange with Google App Engine (Python) application.
Google is showing 2 configurations to achieve this.
Mobile Client <-> Firebase <-> Google App Engine:
Mobile Client <-> Cloud Endpoints <-> App Engine:
In my current approach 1, the Ionic app is able to login to Google and exchange information with Firebase, Firebase is able to interact with Google App Engine, but I'm not sure how to get Ionic app to authentication and security interchange with Google App Engine.
Can I use this approach?
OR do I need to use 2 Mobile Client <-> Cloud Endpoints <-> App Engine
Thank you.
I am also running approach 1 for my application.
You will receive on your android client an authentication token from Firebase after login.
Next you need to pass this token to your cloud endpoints. See the following link:
Send Firebase Token from Android to Google Cloud Endpoints
You have to verify the token on Google App Engine. Please see:
How do I secure my Google Cloud Endpoints APIs with Firebase token verification?
and please see
Google Cloud Endpoints and user's authentication
for implementing your own custom Authenticator for your Cloud Endpoints
You are right in using the first approach as it enables you to benefit from the Firebase infrastructure and its added functionalities as stated on the platform’s page.
Now, the Authenticating Users on App Engine Using Firebase tutorial is an excellent example of assembling an app according to your first configuration. You may want to look at the Authenticating users on the server section for more details on how your Ionic app would interact with the App Engine server. It is explained that once your users are signed-in via the added Firebase Authentication user interface (on your Ionic app), the communication between the app and the server is handled through tokens as described here.
The second approach is also possible, but you will have to implement your own authentication mechanism or use a similar application framework as Flask. A framework which the application in the provided tutorial is already based on.
I want to access gmail api in a web application which is not installed on Google App Engine
using oauth 2.0.
I looked into oauth and it seems that we need client_id and client secret to get access token.
Client_id and Client secret is given once we create project on google app engine
How can I do that?
Link to the developer's console which will let you create a new project:
https://console.developers.google.com
More details on the webserver oauth flow:
https://developers.google.com/accounts/docs/OAuth2WebServer
I have develop a Spring MVC Rest service on Google App Engine with Spring Security 3.1.
Since the service will be available only to my other apps, I have a basic authentication setup with predefined username and password.
Now, I have a client developed with RestTemplate. But I am not able to find a way to access my services securely with username and password, sent via RestTemplate.
I have gone through many articles, but most are using Apache HttpClient (not supported by google appengine).
SO, is there any alternatives to getting what i want on google appengine.
You can try the Basic Auth with URLFetch as this is supported by google, though you want to have the ssl enabled to for use Basic Auth.
You might want to see at this link, though not for appengine but should be good.
http://www.jpalace.org/docs/technotes/spring/rest-security.html
I want to implement some form of access control for a REST API implemented in App engine. Is it possible to get the list of GAE Applications that a user has permissions to administer or view in the app engine console. Or whether the user has permissions to administer/view the current application.
Note: the Users API does not work for me because this is a rest server called by another google app not a web service called by a user from the browser. OAuth API seems promising but I was unable to find an OAuth scope or rest endpoint for getting GAE related information.
there is no API that can provide a "list of GAE Applications that a user has permissions to administer." Google Cloud Endpoints on App Engine (Trusted Tester program) may be useful for hosting custom RESTful APIs with user authorization may be useful, read more here: http://endpoints-trusted-tester.appspot.com/
There must be an API as the Google Eclipse plugin is using it.
https://developers.google.com/eclipse/docs/signin?hl=de
But it is not documented.