Authorizing Client Access to App Engine Backend
Problem description
I have a simple Google App Engine backend (written in Python) for an Android client. All the backend is responsible for is accepting a key and returning a value; it is a classifier in general, implemented simply by looking up the key in a Cloud SQL table, though this specific behavior will change in the future.
The backend and client communicate via Google Cloud Endpoints. I want to restrict access to my backend's API to only accept requests incoming from my client, and am wondering if OAuth 2.0 is really the way to do this.
I don't need any contextual or extra information from the user, and as such, don't want to have user action to grant any type of authorization. All I need to do is be certain the request came from my app. I was considering simply generating a static key and hardcoding it in my client and backend, but I thought there must be a more elegant way to do this.
TL;DR: How can I restrict access to my backend only to my client/app without needing user context/input, by OAuth 2.0 or otherwise?
Recommended answer
I don't know if the OP solved their problem but I am posting this here for others. I have wasted quite a few hours on this particular issue.
Steps:
1. Create an OAuth 2.0 client ID for your Android client.
2. Specify the Client IDs in the allowed_client_ids argument of the endpoints.api. In this case (Android), supply both its Android client ID and a web client ID in allowed_client_ids.
3. Supply the audiences argument as well in endpoints.api which is set to the web client ID.
5. Redeploy the API backend.
6. Regenerate the client libraries.
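As an added illustration (not part of the answer above and not the Endpoints framework's own code), this simplified Python model shows which ID token claims the allowed_client_ids and audiences settings from steps 2 and 3 are matched against, and what happens when either is left out. It assumes the token's signature and expiry were already verified and that a token issued to the Android client carries the web client ID in `aud` and the Android client ID in `azp`; all client IDs and the `check_claims` helper are constructed for the example.

```python
# Added example: simplified model, not the Endpoints framework's code.
# Assumes signature and expiry of the ID token were verified beforehand.
WEB_CLIENT_ID = "1234-web.apps.googleusercontent.com"          # constructed
ANDROID_CLIENT_ID = "1234-android.apps.googleusercontent.com"  # constructed
ISSUERS = ("accounts.google.com", "https://accounts.google.com")

# The values steps 2 and 3 pass to endpoints.api(...).
ALLOWED_CLIENT_IDS = [ANDROID_CLIENT_ID, WEB_CLIENT_ID]
AUDIENCES = [WEB_CLIENT_ID]


def check_claims(claims, allowed_client_ids, audiences):
    """Return (accepted, reason) for already-verified ID token claims."""
    if claims.get("iss") not in ISSUERS:
        return False, "unexpected issuer"
    # aud: who the token was minted for (the backend's web client ID).
    if claims.get("aud") not in audiences:
        return False, "audience not allowed"
    # azp: which OAuth client requested the token (the Android client ID).
    if claims.get("azp") not in allowed_client_ids:
        return False, "client ID not allowed"
    return True, "ok"


# Constructed claims, as the backend would see them after decoding.
TOKEN_FROM_APP = {"iss": "accounts.google.com",
                  "aud": WEB_CLIENT_ID, "azp": ANDROID_CLIENT_ID}
TOKEN_FROM_OTHER_APP = {"iss": "accounts.google.com",
                        "aud": "9999-web.apps.googleusercontent.com",
                        "azp": "9999-android.apps.googleusercontent.com"}


def demo():
    return {
        "app, steps 2 and 3 done": check_claims(TOKEN_FROM_APP, ALLOWED_CLIENT_IDS, AUDIENCES),
        "app, audiences omitted": check_claims(TOKEN_FROM_APP, ALLOWED_CLIENT_IDS, []),
        "app, Android ID omitted": check_claims(TOKEN_FROM_APP, [WEB_CLIENT_ID], AUDIENCES),
        "other app": check_claims(TOKEN_FROM_OTHER_APP, ALLOWED_CLIENT_IDS, AUDIENCES),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(case, "->", result)
```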