I've been successfully using the Remote API for Java in a standalone client and some time ago switched my app to use the experimental Federated Login. Now I am getting the can't get appId from remote api; status code = 302 exceptions every time my standalone client connects to the app.
I am looking for a confirmation of whether (or not) the Remote API for Java works with the Federated Login, to know whether the problem is on my side or a current limitation of GAE.
After some additional searching it appears that there's indeed an acknowledged problem with the use of Federated Login and Remote API, accepted as the issue 5165 by the App Engine team.
Related
I'm using cloud endpoints with authentication on python environment.
And I have two registered apps, one is native, other is web, on Cloud Console.
In native app, I can use my apis after authentication. But in web app, below error is happened.
Oauth framework user didn't match oauth token user.
The sequence is below:
I can get the result of gapi.auth.authorize() with token.
And when I call gapi.client.oauth2.userinfo.get(), I can get user info without error.
But when I call my api, I get this oauth error.
Of course I added client ids(native, web, api explorer) to allowed_client_ids.
But if the client id of web is removed, same error is happened and no warning about client id missing.
(As far as I know, If the client id in the request is not in allowed_client_ids, the warning about Client ID is not allowed is in the log)
And when I call api through the api explorer, same error is happened.
I don't have any idea how to investigate about this error with this short log message.
Is there any check points, suggestions?
Sorry for my poor English.
thanks,
UPDATE:
After some investigations, I've got root cause, it's Authentication Type of the application.
The Authentication Type of my application is Google Apps domain.
I created another application with Google Account API authentication type and deployed same code,
I can get user info from get_current_user().
In the document, Cloud Endpoints project is created through Cloud Console,
but my application is created through AppEngine Console before.
thanks,
I have develop a Spring MVC Rest service on Google App Engine with Spring Security 3.1.
Since the service will be available only to my other apps, I have a basic authentication setup with predefined username and password.
Now, I have a client developed with RestTemplate. But I am not able to find a way to access my services securely with username and password, sent via RestTemplate.
I have gone through many articles, but most are using Apache HttpClient (not supported by google appengine).
SO, is there any alternatives to getting what i want on google appengine.
You can try the Basic Auth with URLFetch as this is supported by google, though you want to have the ssl enabled to for use Basic Auth.
You might want to see at this link, though not for appengine but should be good.
http://www.jpalace.org/docs/technotes/spring/rest-security.html
Our customers want to send emails from our java appengine application using their email accounts, with their smtp servers. Is that possible? Verifying all their email addresses in appengine is NOT an option. Would it be possible to send email from an appengine application using an external SMTP server?
Thank you very much.
No, there's no way for an App Engine app to make a connection to an external SMTP server. If you want to do this, you'll need to find or build a webservice that sends email via an HTTP-based interface.
It's possibly to do today, but requires some indirection. If they set up a web form (cgi script, web app , whatever) that forwards to their SMTP server (after making the appropriate authentication checks, of course), then it's a simple matter for an App Engine app to make a POST.
I'm trying to figure out how to implement the following authentication flow:
The user accesses a web application (most likely to be written using Ruby on Rails) and authenticates (e.g., username/password).
The client consumes data via AJAX provided by a RESTful API built on Google App Engine (Python, webapp2).
Requirements:
Only users authenticated in the web application (Rails) should be able to access the API hosted on App Engine.
Users can have different roles in the web application (Rails), and the API (App Engine) needs to know what roles are associated to the given user to restrict access to certain data.
The client should be able to call the API (App Engine) directly via AJAX, without routing all requests through the web application (Rails).
I'm looking for suggestions on how to implement such workflow. Should I use OAuth (or OAuth2) for accessing the API? Should the OAuth provider live on App Engine and the web application (Rails) ask the API for a token on behalf of the user? If so, what is the best way to allow only the web application (Rails) to request OAuth tokens? Or should I consider a completely different strategy?
Any suggestions are greatly appreciated. I'm also looking for suggestions of libraries to implement OAuth in the context above.
I suggest you use caution if you are considering implementing an API built on the Google App Engine using OAuth for your security layer. I am currently involved in a project that is struggling to solve exactly this problem. The OAuth layer over the GAE is still new and considered by Google to be "experimental". Google's documentation is minimal at this point. What there is begins here. I wish you the best if you try to proceed, and I will do my best to offer help if you do.
My solution to this same problem was to write my own three-way authentication (like OAuth):
After the user is authenticated on the RoR server, it responds with a temporary token. This token is stored on the RoR server, is good for 60 seconds, and contains the user's roles.
The browser sends this token (using AJAX) to the webapp2 server. It's like logging in on that server using just the token.
The webapp2 server forwards the token on to the RoR server to make sure it is valid.
The RoR server makes sure the token hasn't expired and immediately deletes the token to prevent duplicate requests. If the token is valid, the RoR server responds with the user's roles.
If the response from the RoR server is good, the webapp2 server responds to the browser's AJAX call (in step 2) with a cookie indicating that this user is now logged in. The session should contain the user's roles.
Subsequent requests to the webapp2 server will include the cookie so that server can respond according to the user's roles.
Discovered a problem with connecting all together - Facebook, GWT and App Engine.
I need to authenticate user on my web site hosted on App Engine (Java) that uses GWT. After authentication, some information should be passed to server from facebook - like profile information, user list, etc.
Currently am trying to use facebook4gwt and authentication works fine, and I can obtain all needed information on client side, but can not transfer facebook session to server, particularly, obtain Facebook cookies for session verification.
Could anyone suggest any good solution for this? Probably, it would make sense to get rid of facebook4gwt and do everything on server side.
I have been using the gwt-facebook library for one year to authenticate users of my application on App Engine. When a user is already logged into Facebook, and has already authorized my application, I can automatically get the access_token in GWT and send it to the server which can then do the hard work (data syncing) with facebook-java-api library.