Google API-跨平台客户端凭据身份验证 [英] Google API - Cross platform client credential authentication
问题描述
我们正在使用一个名为LibGdx的框架,该框架允许您仅使用Java编写跨平台代码.我们正在为Android和iOS开发.
我们在Google云中有一个数据存储,还有一个我们用来与该数据存储进行通信的Google应用引擎API.
现在,我们想保护此API,但找不到如何在跨平台上实现此方法的良好指导.由于我们混合使用fb-login和email-login,因此我们需要使用客户端凭据(即,仅允许我们的应用程序与我们的API通信).
使用.NET,您将发送客户端凭据(客户端ID/密码),然后获取访问令牌,不确定在这种情况下如何进行处理.我们没有任何范围或类似的东西,我们只想保护我们的API,因此不能被任何人调用.因此,一个简单的Bearer-token就能解决我们的问题.只是不确定从哪里开始.
您应该看看Firebase身份验证
https://firebase.google.com/docs/auth/
Firebase支持多个登录提供程序,例如Google和Facebook.您将收到来自Firebase身份验证的令牌,您必须将该令牌转发到Google App Engine上的API.
您可以使用Google App Engine上的Firebase Admin SDK再次验证令牌
https://firebase.google.com/docs/admin/setup
We are using a framework called LibGdx, which allows you to write cross-platform code using only Java. We are developing for Android and iOS.
We have a datastore in Google cloud, as well as an Google app engine api we made to communicate with this datastore.
Now we want to secure this API, but cannot find good guidance on how to approach this for cross-platform. Since we have a mix of fb-login and email-login we need to use client credentials (i.e only our app is allowed to communicate with our API).
Using .NET you would send client credentials (Client ID/Cleint secret), then get an access token, not sure how to approach that in this scenario. We do not have any scopes or anything like that, we just want to secure our API so it can't just be called by anyone. So a simple Bearer-token would solve our issues. Just not sure where to begin.
you should have a look at Firebase Authentication
https://firebase.google.com/docs/auth/
Firebase supports several login providers like Google and Facebook. You will receive a token from Firebase Authentication which you have to forward to your API at Google App Engine.
You can use the Firebase Admin SDK at Google App Engine to validate the Token again
https://firebase.google.com/docs/admin/setup
这篇关于Google API-跨平台客户端凭据身份验证的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
