Android客户端-使用Google Cloud Endpoints的Google App引擎身份验证 [英] Android Client - Google App engine authentication using Google Cloud Endpoints

问题描述

我有一个使用Python/Google Appengine/WebApp2框架编写的Web应用程序.该Web应用程序具有本机(自定义)身份验证.用户名/密码由应用程序管理(它不使用Google帐户).

I have a web application that is written on Python / Google Appengine / WebApp2 framework. The web application has native (custom) authentication. The userid / password is managed by the application (and it does not use Google Accounts).

该Web应用程序也需要扩展到Mobile客户端.因此，我正在开发本机Android客户端应用程序，并尝试与Google Appengine集成.

The web application needs to be extended to Mobile clients as well. So I am developing a native Android Client application and trying to integrate with Google Appengine.

对于从Android客户端到Google应用程序引擎的身份验证，我尝试通过使用Google Cloud Endpoints使其非常简单.您能否建议我下面的方法是否正确?

For authentication from the Android Client to the Google app engine, I am trying to keep it very simple by using Google Cloud Endpoints. Can you please suggest if my approach below is correct ?

1. 使用Google App Engine控制台(适用于Android，Web和最终的IOS)生成客户端ID的白名单.
2. 按照此处建议的那样，使用客户端白名单(Web，android和IOS)创建Google Cloud Endpoint后端Api(使用Python)–

1. Generate a white list of client IDs using the Google app engine console (for Android, Web and eventually IOS).
2. Create a Google Cloud Endpoint backend Api (in Python) with the white list of clients(Web, android and IOS) as suggested here – https://cloud.google.com/appengine/docs/python/endpoints/getstarted/backend/
3. Create a backend library.
4. Import the library to the Android Client

我对上述情况的期望如下–

My expectation after the above are as follows –

1. 使用Google Cloud Endpoints Api(来自Android客户端)的最终用户将使用Google App引擎对android客户端进行身份验证.
2. 作为Client-GAE的安全身份验证的一部分，我可以将用户登录ID作为API调用的参数传递，并获取该特定用户ID的数据/发布数据.
3. 我正在使用移动客户端中的本地存储来存储最终用户的用户ID(而不是密码).

请问我上面的方法是否正确?我有意避免使用从Android客户端到GAE的基于Google帐户的身份验证.

Can you please suggest if my approach above is correct? I purposefully would like to avoid using Google Accounts based authentication from Android Client to the GAE.

推荐答案

为了通过Google Cloud Endpoints将App Engine用户实例注入到API方法中，您确实需要在Android应用程序中使用Google帐户.您的Android代码中的服务构建器需要一个GoogleAccountCredential.

In order to get an App Engine user instance injected into your API method by Google Cloud Endpoints, you do need to be using a Google account in the Android app. The service builder in your Android code takes a GoogleAccountCredential.

您仍然可以支持自己的用户名和密码，但是您不能使用用户注入.

You can still support your own userid and password, but you can't leverage the user injection if you do.

如果您不想在Android应用中使用Google帐户，请忘记SHA1和API密钥.您将必须进行自己的身份验证.这取决于您的操作方式，但是您可以通过使用用户名和密码并返回令牌的API调用来开始会话.例如，所有其他API调用都可能使用该令牌并在返回结果之前检查其有效性.

If you're not going to use Google Accounts in the Android app, forget the SHA1 and API key. You're going to have to roll your own auth. It's up to you how you do this, but you might start your session with an API call that takes a username and password and returns a token. All other API calls might take that token and check it for validity before returning a result, for example.

这篇关于Android客户端-使用Google Cloud Endpoints的Google App引擎身份验证的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！