Appengine User and Google Identity Toolkit - google-app-engine

What is the suggested way to utilise the Google Identity Toolkit with Appengine, in such a way that all requests are validated for the authorised client (device) and also the authorised user?

Related

How to perform authentication with Google Cloud Endpoints?

We are migrating part of our web app to a native mobile app (iOS and Android). We store all user info in our own database, including authentication info (username & pwd). We have a REST API for use by mobile apps and are trying to implement that in Google Cloud Endpoints.
We use an API key for identifying the app.
We want to also authenticate each user. The app will request the username and pwd and then pass that through the REST API. Our backend will confirm (by looking up the username/pwd in the db) if the user is valid. Ideally, at this point we would return a JWT.
Can this be done? The GCE documentation talks about authenticating Google users, and Facebook users. We don't want that. We don't want to use Firebase (unless a custom mechanism can be set up to authenticate). We will manage accounts. We will check if the username and pwd provided (through the app) identifies a valid user.
In trying to use a backend based on Google App Engine Standard and ESPv2, the documentation states that IAP must be enabled. IAP appears to authenticate users in a way we don't want. We want to authenticate users based on the username and pwd they provide and that we manage. Can this be done?
Any pointers would be greatly appreciated.
Thank you.
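The flow this question describes (the backend checks a username and password against its own user store, then returns a JWT that later requests present) looks like the following. This is an added example, not part of the original post; the names `USERS`, `SECRET`, `login` and `verify`, and the choice of PBKDF2 and HS256, are assumptions made here for illustration.

```python
import base64, hashlib, hmac, json, os, time

SECRET = os.urandom(32)    # assumption: per-deployment signing key, kept server-side
PBKDF2_ROUNDS = 200_000

def hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)

# Constructed sample user store standing in for "our own database".
_salt = os.urandom(16)
USERS = {"alice": (_salt, hash_password("correct horse", _salt))}

def _b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _sign(signing_input):
    return _b64(hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest())

def login(username, password, ttl=900, now=None):
    """Return a signed JWT if the credentials match, else None."""
    salt, stored = USERS.get(username, (b"\0" * 16, b""))
    candidate = hash_password(password, salt)  # always hash, so unknown users cost the same
    if not hmac.compare_digest(candidate, stored):
        return None
    now = int(time.time() if now is None else now)
    header = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    claims = _b64(json.dumps({"sub": username, "iat": now, "exp": now + ttl}).encode())
    signing_input = header + "." + claims
    return signing_input + "." + _sign(signing_input)

def verify(token, now=None):
    """Return the claims of a valid, unexpired token, else None."""
    try:
        header_b64, claims_b64, sig = token.split(".")
        header = json.loads(_unb64(header_b64))
        if header.get("alg") != "HS256":  # pin the algorithm; never trust the header's choice
            return None
        if not hmac.compare_digest(sig, _sign(header_b64 + "." + claims_b64)):
            return None
        claims = json.loads(_unb64(claims_b64))
    except (ValueError, TypeError, AttributeError):
        return None
    now = time.time() if now is None else now
    return claims if claims.get("exp", 0) > now else None
```

Each API handler would call `verify` on the bearer token before doing any work; the API key still identifies the app, while the token identifies the user.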

Authenticating GWT-RPC calls with Google Identity Toolkit for Java

I have a GWT-based app deployed on Google App Engine (Java). The app uses Google Account for authentication as described here: https://cloud.google.com/appengine/docs/java/users/ and uses GWT-RPC for communicating with the backend services. I use GAE's UserService to get the user object (and email ID) in my RemoteServiceServlet.
Now I want to replace Google Account with Google Identity Toolkit (GIT) so that I can offer more login options (Email, Google, Facebook etc.) to my users. I have created a small GAE-based sample application (non-GWT) using GIT and it works well. I used the GitKitClient library for Java to do the OAuth token authentication and get the user profile on the server.
But I'm wondering how GIT would work with GWT-RPC. Would the GAE UserService still work in my RemoteServiceServlet if I switch to GIT for login (instead of Google Account)? Or do I need to do the OAuth token authentication in my RemoteServiceServlet using the GitKitClient as I do in my non-GWT sample app?
I'm very new to GIT and OAuth and would appreciate any help on this matter.
Thanks.
GAE UserService does not recognize the Google Identity Toolkit token. You need to use the Google Identity Toolkit Java library to validate the Google Identity Toolkit token in your RemoteServiceServlet, in the same way as you already implemented in your sample GAE app.

Google App Engine Golang - Register Users Without Google Account

I'm building a website in Go(lang) using Google App Engine. I want users to be able to register for the site by providing an Email and Password. I don't want to use the users API, because I don't want my users to require a google account and I eventually plan on making this a pay site.
What is a good way to handle user registration/authentication on google app engine? Should I use the datastore for user accounts and credentials, or Cloud SQL? Any other good options? I don't know where to start.
IMHO it's easier to use an existing, reputable infrastructure/service.
Google offers such services, see What is the difference between Google identity toolkit, Google OAauth and Google+ sign in.
I opted for the Google Identity Toolkit, which nicely supports simultaneously both private accounts and federated logins with several popular identity providers.
Update June 17, 2016: The banner on the GITkit documentation authentication indicates GITkit may be on its way out, to be absorbed into the Firebase Authentication.

How to use OAuth2 / OpenID Connect with UserService?

I'm running several apps on Google App Engine. I am using the UserService for Authentication to be able to send emails on behalf of the user etc. and OAuth2 for API authorization.
I am now trying to publish the apps on the Google Apps Marketplace, but I received an email telling me it is required to use OAuth2 for authentication.
As I am just using the supported Google stack I assume there is a way to meet the requirements for publishing my apps on the Google Apps Marketplace but right now I'm stuck.
This is similar to another question. The challenge is that the User service is still using OpenID. You'll need to use a Client library to authenticate the user.
Here are good samples in Python & Java.
Currently we use OpenID 2.0 for user authentication and OAuth for authorization of other services. OpenID 2.0 is deprecated and Google will not provide authentication using OpenID. For the timeline, refer to this link: https://developers.google.com/+/api/auth-migration#timetable
So they are suggesting using OpenID Connect for authentication of the user. OpenID Connect is a layer written over OAuth 2.0 for authentication of the user.
For references visit http://openid.net/connect/ and https://developers.google.com/accounts/docs/OAuth2Login?hl=ja#appsetup

Google App Engine authentication with password

I am really fed up. All I see in the Google App Engine tutorial is just an example of how to authenticate without a password. What if I want to authenticate directly from my Gmail account, how can I do it?
Use the Google-provided Users service, which can use your Google account for auth.
https://developers.google.com/appengine/docs/python/gettingstarted/usingusers
Google App Engine provides several useful services based on Google infrastructure, accessible by applications using libraries included with the SDK. One such service is the Users service, which lets your application integrate with Google user accounts. With the Users service, your users can use the Google accounts they already have to sign in to your application.
