I have a Google App Engine project with access restricted to "Google Apps Accounts". I would like to access this via URLFetch in Google Script for a Google Sheets custom function.
What is the best way to authenticate this call? Or associate these projects to allow access.
Related
I have an app running on Google Cloud Platform. I have access to lists of people (in my organisation) through Cloud IAM. I only want my App Engine app to be accessible to some of these lists, with them having to log on with their Google Account before being allowed in to the site (is this how Cloud IAM permissions work, or is this single service sign-on?).
What kind of rules or roles do I need to set just to allow groups or lists to see and use an application?
In Cloud IAM I see these potential roles related to App Engine.
The 'App Engine Viewer' role has this description: "Ability to view App Engine app status.". Is this what I want?
You need to use Cloud IAP to limit user authentication to your App Engine application.
The roles you mentioned (such as App Engine Viewer...) let you limit administration rights on your app: to only publish a new version, or only browse information about your app deployment.
You can start easily with IAP with this good and official tutorial.
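To illustrate the distinction drawn in the answer above (an added example, not part of the original answer): this Python sketch reads an IAM policy in the standard `bindings` form and separates principals holding the IAP access role `roles/iap.httpsResourceAccessor` from those holding only `roles/appengine.*` roles. The sample policy, member names and function names are constructed for illustration, and conditional bindings are not evaluated.

```python
# Role that lets a principal reach the app through Cloud IAP.
IAP_ACCESS_ROLE = "roles/iap.httpsResourceAccessor"
# App Engine roles govern administration of the deployment, not end-user access.
APPENGINE_ROLE_PREFIX = "roles/appengine."
# Members that would open the app far wider than "some groups in my organisation".
BROAD_MEMBERS = {"allUsers", "allAuthenticatedUsers"}

# Constructed sample policy (all members and groups are made up).
SAMPLE_POLICY = {"bindings": [
    {"role": "roles/appengine.appViewer",
     "members": ["group:sales@example.com", "user:ops@example.com"]},
    {"role": "roles/appengine.deployer",
     "members": ["serviceAccount:ci@example-project.iam.gserviceaccount.com"]},
    {"role": "roles/iap.httpsResourceAccessor",
     "members": ["group:staff@example.com", "user:ops@example.com"]},
]}


def classify_members(policy):
    """Return (iap_users, admin_only, too_broad) for an IAM policy dict.

    iap_users:  members IAP will let through to the application
    admin_only: members with App Engine roles but no IAP access, mapped to those roles
    too_broad:  IAP grants to allUsers / allAuthenticatedUsers
    """
    iap_users = set()
    appengine_roles = {}
    for binding in policy.get("bindings", []):
        role = binding.get("role", "")
        for member in binding.get("members", []):
            if role == IAP_ACCESS_ROLE:
                iap_users.add(member)
            elif role.startswith(APPENGINE_ROLE_PREFIX):
                appengine_roles.setdefault(member, set()).add(role)
    admin_only = {m: sorted(r) for m, r in appengine_roles.items()
                  if m not in iap_users}
    too_broad = sorted(iap_users & BROAD_MEMBERS)
    return sorted(iap_users), admin_only, too_broad


def report(policy):
    """Format the classification as a short text report."""
    iap_users, admin_only, too_broad = classify_members(policy)
    lines = ["Allowed through IAP:"] + ["  " + m for m in iap_users]
    lines.append("App Engine roles only (cannot open the app via IAP):")
    lines += ["  %s (%s)" % (m, ", ".join(r)) for m, r in sorted(admin_only.items())]
    lines += ["WARNING: IAP access granted to " + m for m in too_broad]
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(SAMPLE_POLICY))
```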
We have an App Engine application built in Python using Endpoints. Access to it is restricted.
We have software that connects with the App Engine using a service account. With this service account we can also access Google Cloud Storage to create buckets.
Now we want to allow access to the App Engine (and not the Cloud Storage) for specific clients who will write their own software. So their software will be their end-user.
What do we have to create and share with the client so their software can authenticate only with the App Engine?
A service account does not seem possible since this allows access to the Cloud Storage.
If you have a Google App Engine application that you want to have on a certain domain, and you control this domain, but this domain is already used for e-mail (not on Google Business Apps), does this mean you have to switch your e-mail to Google Business Apps in order to have this domain for your Google App Engine application?
As far as I know you have to add the domain to Google Apps, but you don't have to use Google Mail.
I am really fed up. All I see in the Google App Engine tutorial is an example of how to authenticate without a password. What if I want to authenticate directly from my Gmail account, how can I do it?
Use the Google-provided Users service, which can use your Google account for auth.
https://developers.google.com/appengine/docs/python/gettingstarted/usingusers
Google App Engine provides several useful services based on Google infrastructure, accessible by applications using libraries included with the SDK. One such service is the Users service, which lets your application integrate with Google user accounts. With the Users service, your users can use the Google accounts they already have to sign in to your application.
I want to implement some form of access control for a REST API implemented in App Engine. Is it possible to get the list of GAE applications that a user has permissions to administer or view in the App Engine console? Or whether the user has permissions to administer/view the current application?
Note: the Users API does not work for me because this is a REST server called by another Google app, not a web service called by a user from the browser. The OAuth API seems promising, but I was unable to find an OAuth scope or REST endpoint for getting GAE-related information.
There is no API that can provide a "list of GAE Applications that a user has permissions to administer." Google Cloud Endpoints on App Engine (Trusted Tester program) may be useful for hosting custom RESTful APIs with user authorization; read more here: http://endpoints-trusted-tester.appspot.com/
There must be an API as the Google Eclipse plugin is using it.
https://developers.google.com/eclipse/docs/signin?hl=de
But it is not documented.