作为iOS应用程序向Google Cloud Endpoints进行身份验证(不具有Google帐户凭据的用户) [英] Authenticating to Google Cloud Endpoints as iOS app (not user with Google account credentials)
问题描述
我的一个iOS应用程序使用Google Cloud Endpoints与我的一项服务联系,我想将对该服务的访问限制为该应用程序的实例.
One of my iOS apps contacts one of my services using Google Cloud Endpoints and I would like to restrict access to that service to instances of the app.
我已遵循有关添加授权的说明与我的应用程序的捆绑软件ID和应用程序商店ID相关联的iOS客户端ID.我现在很难理解说明的这一部分:
I've followed instructions about adding authorization and have created an iOS client ID that is tied to my app's bundle id and app store id. I've now difficulties understanding this part of the instructions:
如果您的iOS应用正在呼叫需要以下操作的端点 身份验证,您必须将登录对话框添加到iOS客户端.
If your iOS app is making calls to an Endpoint that requires authentication, you must Add a Sign-in Dialog to your iOS client.
我不希望我的用户登录,但我希望我的应用无需服务即可与应用程序将其凭据提供给服务以进行身份验证.我以为,由于客户端ID(大概是加密地)与客户端ID和捆绑包ID绑定在一起,因此只有该应用程序能够(以某种方式)能够这样做,并且客户端ID可以有效地充当服务帐户.
I do not want my users to log in but instead I want my app to present its credentials to the service for authentication without user interaction. I thought since the client ID is (presumably cryptographically) tied to the client ID and bundle ID only the app is (somehow) able to do so and that the client ID would effectively serve like a service account.
Google Cloud Endpoints(适用于iOS客户端)是否支持这种类型的应用程序(非用户)身份验证方案,还是我必须通过在应用程序级协议中传递一些秘密来进行自己的应用程序身份验证?这是一些
Is this type of app (not user) authentication scenario supported by Google Cloud Endpoints (for iOS clients) or do I have to roll my own app authentication by passing some secret in the application-level protocol? Here are some earlier related (unanswered) questions for Android clients.
推荐答案
我现在已经得出结论,Google Cloud Endpoints仅基于Google帐户凭据 允许身份验证.我需要的是类似于服务帐户或API密钥的整个应用程序(而不是其用户)的凭据.
I have concluded for now that Google Cloud Endpoints allows authentication only based on Google account credentials. What I need is a credential for the entire app (not its users) akin to a service account or an API key.
我已使用服务帐户进行服务器到服务器的通信.似乎无法为应用程序(与GAE应用程序相对)创建服务帐户.
I have used service accounts for server-to-server communication. It does not seem possible to create service accounts for an app (as opposed to a GAE application).
GTLService具有属性APIKey.但是,如果我的客户端将其设置为我在Google Developer Console中为GAE应用程序创建的公共访问密钥(iOS密钥),则服务器将返回错误Access Not Configured. Please use Google Developers Console to activate the API for your project,但是没有(显而易见的)方法可用于配置非Google API,例如我的服务API.
GTLService has a property APIKey. However, if my client sets it to a public access key (iOS key) that I created for my GAE application in Google Developer Console the server returns error Access Not Configured. Please use Google Developers Console to activate the API for your project but there is no (obvious) way for configuring non-Google APIs such as my service API.
因此,在另行通知之前,我将向我的应用程序级API请求添加一个API密钥,并在每个@ApiMethod中对其进行检查.
So until further notice I will add an API key to my application-level API requests and check it in each @ApiMethod.
这篇关于作为iOS应用程序向Google Cloud Endpoints进行身份验证(不具有Google帐户凭据的用户)的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
