我如何可以通过自定义信息从一个App Engine身份验证的端点？ [英] How can I pass custom information from an App Engine Authenticator to the Endpoint?

问题描述

我引用@MinWan的真棒答案在这个岗位<一个href=\"http://stackoverflow.com/questions/25365858/google-cloud-endpoints-and-users-authentication\">Google云端点和用户的认证，他描述了一种自定义页眉添加到针对App Engine的云端点的请求。

I am referencing @MinWan 's awesome answer in this post Google Cloud Endpoints and user's authentication, where he describes a way to add custom headers to a request against App Engine's Cloud Endpoints.

它变得清晰，我们可以添加自定义标题，写每每项服务（例如谷歌，微博，Facebook）的行为，我们要authenicate，其中每个认证读取特定的头和验证对服务的认证。如果令牌是有效的，一个服务通常返回与电子邮件地址或用户名，再加上一些额外的信息[A]的响应，从中我们生成一个com.google.api.server.spi.auth.common.User，这后来被传递到终点的方法com.google.appengine.api.users.User。

It becomes clear that we can add a custom header and write an authenticator per each service (e.g. Google, Twitter, Facebook) against which we want to authenicate, where each authenticator reads a specific header and authenticates against the service. If the token is valid, a service typically returns a response with an email address or user id, plus some extra information [A], from which we generate a com.google.api.server.spi.auth.common.User, which is later passed into the endpoint method as com.google.appengine.api.users.User.

第一个问题：为什么我们有两个不同的用户实体，例如用户提供不同的命名空间？因为它似乎，这些既不是子/超类，所以他们可能显式转换幕后。

First question: Why do we have two different User entities, e.g. users with different namespaces? As it seems, these are neither sub/superclasses, so they are possibly explicitly cast behind the scenes.

第二个问题：自带的显式转换用户实体，没有自定义字段，我可以把额外的信息[A]服务返回的问题是，额外的信息丢失。这样的额外的信息可以为外部服务的的oauth2用户匹配到本地用户或由其它服务返回的oauth2用户是有益的。

Second question: The problem that comes with the explicitly cast User entity and that there is no custom field where I could put the extra information [A] returned by the service, is that the extra information is lost. Such extra information may be helpful for matching the oauth2 user of the external service to a local user or to oauth2 users returned by other services.

任何输入？什么是处理多个认证服务建议的方法是什么？

Any input? What's the suggested way of handling multiple authentication services?

推荐答案

刚刚测试过了，你绝对可以子类用户包含任何你想要的私人领域。只要使用类继承多态性返回类型从认证方法的对象，而无需在方法签名改变从默认的用户类型。

Just tested, and you can definitely subclass User to contain whichever private fields you want. Just use class inheritance polymorphism to return an object of that type from the Authenticator method, without changing the type from default User in the method signature.

import javax.servlet.http.HttpServletRequest;
import com.google.api.server.spi.auth.common.User;
import com.google.api.server.spi.config.Authenticator;

public class BazUser extends User {
        private String secret; // extra piece of data held by this User
        public BazUser(String email) {
                super(email);
                this.secret = "notasecret";
        }
        public BazUser (String email, String secret) {
                super (email);
                this.secret = secret;
        }
}

public class BazAuthenticator implements Authenticator {
        public User authenticate(HttpServletRequest req) {
                return new BazUser ("userid@baz.com", "secret");
        }
}

这篇关于我如何可以通过自定义信息从一个App Engine身份验证的端点？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！