Google Cloud Endpoints 和用户身份验证 [英] Google Cloud Endpoints and user's authentication

问题描述

我目前是 AppEngine 领域的新手，想使用 Cloud Endpoints 为我正在开发的移动应用程序创建后端.

I'm currently new into the AppEngine world, and wanting to create a backend using Cloud Endpoints for a mobile application that I'm developing.

我现在的问题之一是关于用户的身份验证.我一直在关注 App Engine 上 Udacity 的 MOOC，他们教我们如何使用 Google 帐户对 API 请求的用户进行身份验证.在后端，我们只需要在我们的方法中添加一个 User 参数，并检查用户是否登录.据我所知，这个用户参数是由 App Engine 生成的，基于我们请求的 Authorization 标头.(可能需要确认一下)

One of my problem right now is about the user's authentication. I've been following the Udacity's MOOC on App Engine, and they taught us how to authenticate the user for API request using a Google Accounts. On the backend side, we simply have to add a User parameter to our method, and check if the user is signed in. As far as I know, this user parameter is generated by App Engine, based on the Authorization header of our request. (might need some confirmation there)

现在，有很多东西我不太明白，而且在这个 MOOC 中没有得到很好的解释.

Now, there's a bunch of stuff I'm not sure to understand and that weren't that well explained on this MOOC.

现在，我想知道这是否与 Google 之外的其他 OAuth 方案兼容?那么，如果我想实现 Facebook 身份验证，我是否会简单地传递 Facebook 访问令牌?

Now, I'd like to know if this is compatible with other OAuth schemes, beside Google? So, if I want to implement Facebook authentication, will I simply pass the facebook access token?

根据我的搜索结果，在 Android 上使用 Facebook SDK 将使我能够生成用户访问令牌，该令牌将我的用户标识为到 facebook.将它发送到我的后端后，我想用 Facebook 检查它的有效性，如果它有效，为我的应用程序创建一个新用户.现在，我还想生成一个新令牌，用于标识我的应用的用户.我需要怎么做才能这样做?

From what I searched, using the Facebook SDK on Android would lead me to be able to generate a User Access Token, which identifies my user to facebook. After sending it to my backend, I would want to check it's validity with Facebook, and if it's valid, create a new user to my application. Now, I'd also want to generate a new token that identify the user to my app. What would I need to do to do so?

推荐答案

您可以向 Endpoints 提供您自己的身份验证器，注入的用户将通过您的身份验证器获取https://developers.google.com/appengine/docs/java/endpoints/javadoc/com/google/api/server/spi/config/Authenticator.html.

You can supply your own authenticator to Endpoints and the injected User will be obtained with your authenticator https://developers.google.com/appengine/docs/java/endpoints/javadoc/com/google/api/server/spi/config/Authenticator.html.

Facebook 凭据可以通过标头发送，例如授权头，它可以通过 HttpServletRequest 从后端访问，你可以在 Authenticator.authenticate 方法中处理.

The Facebook credentials can be sent via a header, e.g. Authorization header and it can be accessed from backend via HttpServletRequest, which you can handle inside Authenticator.authenticate method.

例如.

// Custom Authenticator class
public class MyAuthenticator implements Authenticator {
  @Override
  public User authenticate(HttpServletRequest request) {
    String token = request.getHeader("Authorization");
    if (token != null) {
      String user = authenticateFacebook(token);  // apply your Facebook auth.
      if (user != null) {
        return new User(user);
      }
    }
    return null;
  }
}

// Endpoints class.
@Api(name = "example", authenticators = {MyAuthenticator.class})
public class MyEndpoints {
  public Container getThing(User user) {
    Container c = new Container();
    if (user != null) {
      c.email = user.getEmail();
    }
    return c;
  }

  public class Container {
    public String email;
    public String extraData;
  }
}

这篇关于Google Cloud Endpoints 和用户身份验证的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！