将谷歌云端点的访问权限限制为 Android 应用 [英] Restrict access to google cloud endpoints to Android app

问题描述

我正在使用 Android Studio 为 Android 应用生成 Google Cloud Endpoints.我已经部署了端点，它们工作正常.

I'm using Android Studio to generate Google Cloud Endpoints for an Android app. I've deployed the endpoints and they work ok.

我想要实现的是仅允许访问我的应用程序的端点.所有文档都讨论了如何为用户启用身份验证，但我只需要限制我的应用程序对端点的访问.我不想使用用户凭据，因为 api 不使用它.

What I want to achieve is to enable access to the endpoints only to my app. All the documentation talks about how to enable authentication for users but I only need to restrict the access to the endpoints only from my app. I don't want to use user credentials because the api does not use that.

我尝试的是在 Google 控制台中为我的应用创建一个客户端 ID 并添加到 API 注释中

What I tried is creating a client ID for my app in the Google Console and adding to the APi annotation

@Api(name = "messageEndpoint", clientIds = {Ids.WEB_CLIENT_ID, Ids.ANDROID_CLIENT_ID, Ids.API_EXPLORER}, audiences = {Ids.ANDROID_AUDIENCE}}

对于每个 API 方法，我都添加了一个 User 参数并检查用户是否为空.我的理解是，如果从客户端 IDS 之一调用 API，则用户不应为空.但是用户总是空的.

And for each API method, I've added a User parameter and check if the user is null or not. My understanding is that the user should be not null if the API is called from one of the client IDS. But user is always null.

我错过了什么吗?

在我的 Android 应用程序中

In my Android app I have

GoogleAccountCredential credential = GoogleAccountCredential.usingAudience(DelegateActivity.this, "server:client_id:" + Ids.ANDROID_AUDIENCE);
MessageEndpoint.Builder endpointBuilder = new MessageEndpoint.Builder(
                        AndroidHttp.newCompatibleTransport(), new JacksonFactory(),
                        credential);

我得到的例外是:

java.lang.NullPointerException: [qi] accountName cannot be null.
                        E   at android.os.Parcel.readException(Parcel.java:1431)
                        E   at android.os.Parcel.readException(Parcel.java:1379)
                        E   at com.google.android.gms.internal.a$a$a.a(Unknown Source)
                        E   at com.google.android.gms.auth.GoogleAuthUtil.getToken(Unknown Source)
                        E   at com.google.android.gms.auth.GoogleAuthUtil.getToken(Unknown Source)
                        E   at com.google.api.client.googleapis.extensions.android.gms.auth.GoogleAccountCredential.getToken(GoogleAccountCredential.java:277)
                        E   at com.google.api.client.googleapis.extensions.android.gms.auth.GoogleAccountCredential$RequestHandler.intercept(GoogleAccountCredential.java:301)
                        E   at com.google.api.client.http.HttpRequest.execute(HttpRequest.java:854)
                        E   at com.google.api.client.googleapis.services.AbstractGoogleClientRequest.executeUnparsed(AbstractGoogleClientRequest.java:410)
                        E   at com.google.api.client.googleapis.services.AbstractGoogleClientRequest.executeUnparsed(AbstractGoogleClientRequest.java:343)
                        E   at com.google.api.client.googleapis.services.AbstractGoogleClientRequest.execute(AbstractGoogleClientRequest.java:460)

推荐答案

我的理解是，在您描述的情况下，用户将为空:验证应用程序而不是用户.

My understanding is that user will be null in the situation you described: authenticating the app and not the user.

如果应用身份验证失败，则您的端点甚至不会被调用.

If the app authentication fails then your endpoint won't even be called.

我假设字符串[qi] accountName 不能为空."来自您的应用?

I assume that the string "[qi] accountName cannot be null." is from your app?

这篇关于将谷歌云端点的访问权限限制为 Android 应用的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！