What is the difference between UnauthorizedException and OAuthRequestException in Cloud Endpoints?
In cloud endpoints, my understanding is that when doing OAuth, I need to check if user == null
determine if the user is authenticated. In case the user is null, I have to throw an exception. In the Google Cloud Endpoints code examples, I've seen two different exceptions being used.
The OAuth documentation for cloud computing endpoints says it is throwing OAuthRequestException
. However, I've seen other codebases (including Udacity Course ) throw UnauthorizedException
.
I noticed that OAuthRequestException is not propagated from com.google.api.server.spi.ServiceException, so Im think UnauthorizedException is the right choice?
Which one should I use?
source to share
I would stick with the UnauthorizedException' since it extends from the
ServiceException class . According to the documentation at https://developers.google.com/appengine/docs/java/endpoints/exceptions and API best practice, it is recommended that you display exceptions in such a way that the correct HTTP status code is thrown.
So in case UnauthorizedException
, HTTP 401 is called.
This is what I usually do in my code, and I believe (and which you can try!) That you will see a standard error so that the entire HTTP error code is bounced back if you throw exceptions such as OAuthRequestException
that are not propagated ServiceException
(HTTP 503 or HTTP 500)
source to share