How do I create an OAuth2.0 Authenticator when calling the App Engine endpoints API?

I am providing a REST API through App Engine. I used Cloud Endpoints to create it, although the client will not be a mobile Android/iPhone app, but rather a well-known web server. Since I am familiar with this server (this is part of my application), I decided to use service account authorization to allow API calls (also, I will perform IP validation, but this is not the case).

I did everything needed, created a Google developer project, generated the service account (and email) id, with a p12 file, and added all the annotations needed on the server side (including the User object in the implementation function).

Now I want to implement a call to this API, and for it to work I need to include the correct authorization header in my request.

When working with Google APIs, the client libraries generate some Credential object that you need to pass later when creating some service object that is the Google API you want to call. For example, if you want to access the Drive API in Java, you would do:

Drive drive = new Drive.Builder(Globals.httpTransport, Globals.jsonFactory, credentials).build();

Where the credential object is an object I previously built like this:

// p12File (hypothetical name): a java.io.File pointing at the service account's .p12 key
credential = new GoogleCredential.Builder()
    .setTransport(Globals.httpTransport)
    .setJsonFactory(Globals.jsonFactory)
    .setServiceAccountId(serviceAccountEmail)
    .setServiceAccountScopes(scopes)
    .setServiceAccountUser(serviceAccountUser)
    .setServiceAccountPrivateKeyFromP12File(p12File)
    .build();

However, in my case, the client is not calling the Google API, but rather the App Engine REST API. How do I start generating (or using a credential object that I created to get) the appropriate authorization header?

+3




1 answer


You can find documentation in the readme.html file that is generated along with the bindings and here.

You can get the following account information in the console, under "Apis and Auth", "Credentials". Here you need to insert the "Email Address" of the service account. Your @Api annotation must include the account's "Client ID" in the "clientIds" parameter.

String accountEmail = "your-service-account@developer.gserviceaccount.com";
String keyFilePath = "your-key-file.p12";

      

This is the minimum scope required for the Cloud Endpoint API. It only allows the application to access the user's email address. Your @Api annotation should display it in the "scopes" parameter.

String emailScope = "https://www.googleapis.com/auth/userinfo.email";

      



Then you need to create some support objects and credentials. If you prefer, GsonFactory can be replaced with JsonFactory.

HttpTransport httpTransport = GoogleNetHttpTransport.newTrustedTransport();
GsonFactory gsonFactory = new GsonFactory();

GoogleCredential credential = new GoogleCredential.Builder()
    .setTransport(httpTransport)
    .setJsonFactory(gsonFactory)
    .setServiceAccountId(accountEmail)
    .setServiceAccountScopes(Collections.singleton(emailScope))
    .setServiceAccountPrivateKeyFromP12File(new File(keyFilePath))
    .build();

      

Finally, create your API client. Replace YourApi with the client from the generated bindings. If you want to test against the Dev App Server, you can call .setRootUrl(yourDevServerUrl + "/_ah/api") in the constructor.

YourApi client = new YourApi.Builder(httpTransport, gsonFactory, credential)
   .setApplicationName("YourClientName")
   .build();

      

+4
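The server-side half of this setup, as an added example that is not part of the original question or answer: the @Api annotation carrying the scope and client ID the answer refers to, and the check on the injected User object that actually rejects unauthenticated calls. The class name, API name, method name and the client ID value are placeholders; the email is the placeholder used in the answer.

```java
import com.google.api.server.spi.config.Api;
import com.google.api.server.spi.config.ApiMethod;
import com.google.api.server.spi.response.UnauthorizedException;
import com.google.appengine.api.users.User;

// Constructed example: names and ID values below are placeholders.
@Api(
    name = "yourApi",
    version = "v1",
    // Must match the scope the client requests for its service-account token.
    scopes = {"https://www.googleapis.com/auth/userinfo.email"},
    // "Client ID" of the service account, from the console's Credentials page.
    clientIds = {YourApiEndpoint.SERVICE_ACCOUNT_CLIENT_ID})
public class YourApiEndpoint {

  static final String SERVICE_ACCOUNT_CLIENT_ID = "YOUR-SERVICE-ACCOUNT-CLIENT-ID";
  static final String SERVICE_ACCOUNT_EMAIL =
      "your-service-account@developer.gserviceaccount.com";

  // Minimal response bean; Endpoints serializes it through its getter.
  public static class Status {
    private final String caller;
    public Status(String caller) { this.caller = caller; }
    public String getCaller() { return caller; }
  }

  @ApiMethod(name = "status.get")
  public Status getStatus(User user) throws UnauthorizedException {
    requireServiceAccount(user);
    return new Status(user.getEmail());
  }

  // Declaring a User parameter does not reject anything by itself: Endpoints
  // passes null when the request has no token, or a token that fails
  // validation against clientIds/scopes. The method must refuse explicitly.
  static void requireServiceAccount(User user) throws UnauthorizedException {
    if (user == null) {
      throw new UnauthorizedException("Valid OAuth 2.0 credentials required");
    }
    // Defense in depth: accept only the one expected service account.
    if (!SERVICE_ACCOUNT_EMAIL.equalsIgnoreCase(user.getEmail())) {
      throw new UnauthorizedException("Caller is not the expected service account");
    }
  }
}
```

Calling requireServiceAccount at the top of every @ApiMethod keeps a forgotten null check from turning an endpoint into an unauthenticated one.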

