I am new to cloud programming and will be making a GAE app with Cloud Endpoints.
I would like to use Oauth, but for Microsoft accounts as well as Google accounts.
I am having a hard time finding a definitive answer in the docs. I have read posts that are 3-4 years old stating that Cloud Endpoints only supports Oauth with Google accounts, but is this still the case?
You can go to Choosing an Authentication Method. There is a section titled Auth0 which states:
Auth0 authenticates and authorizes apps and APIs regardless of
identity provider, platform, stack and device.
Auth0 supports a large number of providers and the Security Assertion
Markup Language specification. It provides backend services, SDKs and
user interface libraries for authenticating users in web and mobile
apps......
.....
This might be what you need. Hope this helps
Related
I'm new to web dev, and trying to build an application using google app engine's java standard environment, which will require user authentication. I'd like to provide authentication which requires only a username and password of the user, as opposed to a phone number or social account.
As I look through the options listed in app engine's auth tutorial, if I'm understanding them correctly, none of them allow login without a phone number or social account? https://cloud.google.com/appengine/docs/standard/java/oauth/
If so, are there alternatives available while still using app engine? I've read some about 'web container managed authentication' but I'm not sure if its something app engine will support, or if its a full solution.
Is it possible/feasible to roll fully custom authentication in the app engine standard environment? As I search for custom authentication tutorials I see a lot of articles recommending against this, but it's not clear to me what the alternative is.
Thanks for any information
As it's mention on the OpenID Connect documents of Google Cloud, it's important for you and your users security to authenticate using well proven and debugged code. Google offers Firebase Authentication which let's users log in with an Email and password.
If you still want to implement the authorize part on your own, you can use your preferred web framework and probably it will have an authorizing process.
For example, in python you can use Django authorize system to provide users for a custom way to log in.
But, as I said before, I highly recommend you to use the Google APIs for authorizing as they are OpenID certificated.
Apparently there's no straightforward way supported by Google Cloud Endpoints for allowing/limiting access to a private Endpoints API to only your Mobile App (Android or iOS). 1 2 3 4
There likely are many Apps where the developer would like to have her back-end on Google Cloud Platform. And, likely many of these Apps would like to use the backend API without having the App user sign-in to their Google Account.
Is (at least current version) Endpoints meant to be used by only those Mobile Apps where users are Google users or where the APIs are open?
Or Am I missing something?
you are right, out of the Box Google Cloud Endpoints only supports Google Authentication but you can build your own authentication for your preferred login provider. This is also supported by Cloud Endpoints but for some reason the documentation is not propagated.
You need to implement a class with the interface
com.google.api.server.spi.config.Authenticator
Please have a look at the following example:
Google Cloud Endpoints and user's authentication
Regards
Michael
I have integrated my application with Google apps marketplace with old version of OpenID and getting the data from Google calendar by using Google calendar version 2 API. Now I need to integrate every thing to new version. I have confused a little bit as Google is providing various authentication and authorization process. I looked in to OpenID connect, JWT (JSON Web Token), Google calendar version 3 service account. May any one please help me out from this issue like that should I use to authenticate as well as for authorization. Thanks in advance.
https://developers.google.com/accounts/docs/OAuth2 gives a good overview on various ways to authenticate with Google APIs and when to use them. For instance JWT is useful when your application uses Google APIs to store/retrieve its own data i.e. not to access data of your application's user.
Also see https://developers.google.com/google-apps/calendar/auth
We have an HTML5 client accessing a Google Cloud Endpoints backend. We want to offer users a reasonable range of sign-in methods, e.g.: sign-in with an existing OpenID, or alternatively sign-up with an email and password. These seem like basic requirements to us! If there is a better alternative that does not restrict our audience, then we'd consider it.
We're encountering two problems: (1) it seems the Endpoints service will only authenticate Google accounts, and (2) we don't know how to support "sign-up with email and password" together with Endpoints.
Edited: We found that our requirements can work together with Endpoints, but we did not find any Python examples to help, or to support an OpenID provider. We created our own "email/password" authentication option and enable it in parallel with Google OAuth. Overall the documentation on authentication when using Cloud Endpoints is minimal. Documentation and examples are stronger for the newer "Mobile Backend" project.
You are right, at this point you can build an oAuth provider using the lib provided in app-engine but that requires your users to have an Google account. So to protect my API I had to build my own custom oAuth2 provider. I did this by using the python oAuthLib library (oAuthLib). They have an awesome doc that will guide you through. I also made a rough document on how I made it app engine specific. If interested please take a look at the link Blog page
I hope this helps.
I want to implement some form of access control for a REST API implemented in App engine. Is it possible to get the list of GAE Applications that a user has permissions to administer or view in the app engine console. Or whether the user has permissions to administer/view the current application.
Note: the Users API does not work for me because this is a rest server called by another google app not a web service called by a user from the browser. OAuth API seems promising but I was unable to find an OAuth scope or rest endpoint for getting GAE related information.
there is no API that can provide a "list of GAE Applications that a user has permissions to administer." Google Cloud Endpoints on App Engine (Trusted Tester program) may be useful for hosting custom RESTful APIs with user authorization may be useful, read more here: http://endpoints-trusted-tester.appspot.com/
There must be an API as the Google Eclipse plugin is using it.
https://developers.google.com/eclipse/docs/signin?hl=de
But it is not documented.