谷歌云端点限制......任何提出的解决方案？ [英] Google Cloud Endpoints limitations... any proposed solutions?

问题描述

我在想纠正云端点的善良附带以下限制：

1. 的REST API不能部署到自定义域（它会留在appspot.com）。


2. 支持的唯一的身份验证是对谷歌帐户的OAuth。
   
   
   
   1. 推论：这是目前不可能创建一个用户登录/会话跟踪机制，是谷歌账户无关的（例如，使用电子邮件作为用户名和密码）
   
   

是否有计划与这些限制，如果这样做了，什么是ETA？

解决方案

逐项考虑到这些项目：

1. 目前，是的，这仍是如此。请记住，我们的最初版本是针对一个的同方的用例，你的出发点基本上是服务于域名无关紧要（它不是用户/开发人员面临的）。如果你想用你的API来驱动一个网站，你可以使用自定义域有你的面向用户的内容，而且还使采用CORS请求您Appspot上域。如果你正在构建一个移动应用程序，没有人看到您所访问的。


2. 内置支持（即使用用户）对象仅限于谷歌帐户，但你可以自由通过检查OAuth的头建立你自己的身份验证方案（或电子邮件地址/密码，如果你一定要...）


3. （从意见，对于GA状态）。端点现在GA。


4. （从意见，对于公共API）。你的API必须是公开的，但你可以限制客户端，可以使请求。如果你想使一个秘密API，即API的存在本身必须得到保护，这是目前不支持。我很好奇地听到一个请求受欢迎程度如何，这是的，但我怀疑这是不是大多数人拦截。

Am I correct in thinking that the goodness of Cloud Endpoints comes with the following limitations:

1. The REST Api cannot be deployed to a custom domain (it'll remain on appspot.com).
2. The only authentication supported is OAuth against Google accounts.
   1. Corollary: it isn't currently possible to create a user login/session-tracking mechanism that is Google-accounts-agnostic (e.g., with email as username and a password).

Is there any plan to do away with these limitations and if so, what is the ETA?

解决方案

Taking these item by item:

1. Currently, yes this is still the case. Keep in mind, our initial release is targeted at a same-party use-case, where the domain you're serving from basically doesn't matter (it's not user/developer-facing). If you want to use your API to drive a website, you can use your custom domain to have your user-facing content, and still make requests to your appspot domain using CORS. If you're building a mobile app, no one sees the domain at all.
2. Built-in support (i.e. using the User object) is limited to Google accounts, but you're free to build your own authentication scheme by checking the OAuth headers (or email/password if you must...)
3. (From the comments, regarding GA status). Endpoints is now GA.
4. (From the comments, regarding public APIs). Your APIs must be public, but you can limit the clients that can make requests. If you want to make a secret API, i.e. the existence of the API must itself be protected, that's not currently supported. I'd be curious to hear how popular a request this is, but I suspect it's not a blocker for most people.

这篇关于谷歌云端点限制......任何提出的解决方案？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！