限制访问谷歌云端点Android应用 [英] Restrict access to google cloud endpoints to Android app

问题描述

我使用的是Android Studio来产生谷歌的云端点一个Android应用程序。我已经部署了终点，他们工作正常。

我想实现的是让只有我的应用程序访问端点。所有有关如何启用用户身份验证，但我只需要只能从我的应用程序限制接入终端的文档会谈。我不想使用用户凭据，因为API不使用。

我试过是创造我在谷歌控制台应用程序客户端ID并添加到API注释

  @Api（NAME =messageEndpoint的ClientID = {Ids.WEB_CLIENT_ID，Ids.ANDROID_CLIENT_ID，Ids.API_EXPLORER}，观众= {Ids.ANDROID_AUDIENCE}}
 

和每个API方法，我添加了一个用户参数，并检查用户是否为空或不是。我的理解是，用户应不为空，如果API是从客户端ID中的一个调用。但是，用户永远是零。

我缺少的东西？

在我的Andr​​oid应用我有

  GoogleAccountCredential凭证= GoogleAccountCredential.usingAudience（DelegateActivity.this，服务器：CLIENT_ID：+ Ids.ANDROID_AUDIENCE）;
MessageEndpoint.Builder endpointBuilder =新MessageEndpoint.Builder（
                        AndroidHttp.newCompatibleTransport（），新JacksonFactory（）
                        凭据）;
 

和除我得到的是：

 显示java.lang.NullPointerException：[齐]帐户名不能为空。
                        Ë在android.os.Parcel.readException（Parcel.java:1431）
                        Ë在android.os.Parcel.readException（Parcel.java:1379）
                        Ë在com.google.android.gms.internal.a $ A $ AA（来源不明）
                        Ë在com.google.android.gms.auth.GoogleAuthUtil.getToken（来源不明）
                        Ë在com.google.android.gms.auth.GoogleAuthUtil.getToken（来源不明）
                        吃com.google.api.client.googleapis.extensions.android.gms.auth.GoogleAccountCredential.getToken(GoogleAccountCredential.java:277)
                        吃com.google.api.client.googleapis.extensions.android.gms.auth.GoogleAccountCredential$RequestHandler.intercept(GoogleAccountCredential.java:301)
                        Ë在com.google.api.client.http.Htt prequest.execute（Htt的prequest.java：854）
                        吃com.google.api.client.googleapis.services.AbstractGoogleClientRequest.executeUnparsed(AbstractGoogleClientRequest.java:410)
                        吃com.google.api.client.googleapis.services.AbstractGoogleClientRequest.executeUnparsed(AbstractGoogleClientRequest.java:343)
                        吃com.google.api.client.googleapis.services.AbstractGoogleClientRequest.execute(AbstractGoogleClientRequest.java:460)
 

解决方案

我的理解是，用户会在你描述的情况空：验证应用程序，而不是用户。

如果应用程序验证失败那么你的终端甚至不会被调用。

我认为字符串[齐]帐户名不能为空。从你的应用程序？

I'm using Android Studio to generate Google Cloud Endpoints for an Android app. I've deployed the endpoints and they work ok.

What I want to achieve is to enable access to the endpoints only to my app. All the documentation talks about how to enable authentication for users but I only need to restrict the access to the endpoints only from my app. I don't want to use user credentials because the api does not use that.

What I tried is creating a client ID for my app in the Google Console and adding to the APi annotation

@Api(name = "messageEndpoint", clientIds = {Ids.WEB_CLIENT_ID, Ids.ANDROID_CLIENT_ID, Ids.API_EXPLORER}, audiences = {Ids.ANDROID_AUDIENCE}}

And for each API method, I've added a User parameter and check if the user is null or not. My understanding is that the user should be not null if the API is called from one of the client IDS. But user is always null.

Am I missing something?

In my Android app I have

GoogleAccountCredential credential = GoogleAccountCredential.usingAudience(DelegateActivity.this, "server:client_id:" + Ids.ANDROID_AUDIENCE);
MessageEndpoint.Builder endpointBuilder = new MessageEndpoint.Builder(
                        AndroidHttp.newCompatibleTransport(), new JacksonFactory(),
                        credential);

And the exception I am getting is:

java.lang.NullPointerException: [qi] accountName cannot be null.
                        E   at android.os.Parcel.readException(Parcel.java:1431)
                        E   at android.os.Parcel.readException(Parcel.java:1379)
                        E   at com.google.android.gms.internal.a$a$a.a(Unknown Source)
                        E   at com.google.android.gms.auth.GoogleAuthUtil.getToken(Unknown Source)
                        E   at com.google.android.gms.auth.GoogleAuthUtil.getToken(Unknown Source)
                        E   at com.google.api.client.googleapis.extensions.android.gms.auth.GoogleAccountCredential.getToken(GoogleAccountCredential.java:277)
                        E   at com.google.api.client.googleapis.extensions.android.gms.auth.GoogleAccountCredential$RequestHandler.intercept(GoogleAccountCredential.java:301)
                        E   at com.google.api.client.http.HttpRequest.execute(HttpRequest.java:854)
                        E   at com.google.api.client.googleapis.services.AbstractGoogleClientRequest.executeUnparsed(AbstractGoogleClientRequest.java:410)
                        E   at com.google.api.client.googleapis.services.AbstractGoogleClientRequest.executeUnparsed(AbstractGoogleClientRequest.java:343)
                        E   at com.google.api.client.googleapis.services.AbstractGoogleClientRequest.execute(AbstractGoogleClientRequest.java:460)

解决方案

My understanding is that user will be null in the situation you described: authenticating the app and not the user.

If the app authentication fails then your endpoint won't even be called.

I assume that the string "[qi] accountName cannot be null." is from your app?

这篇关于限制访问谷歌云端点Android应用的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！