Can Google Cloud Endpoints Built-in Authentication be used with the Google+ Domains API?

Google Cloud Endpoints have their own authentication process in which the backend endpoint method is simply passed com.google.appengine.api.users.User.

https://cloud.google.com/appengine/docs/java/endpoints/auth

The Google+ Domains API defines its own authentication process to get an object com.google.api.client.auth.oauth2.Credential. This allows you to create an object com.google.api.services.plusDomains.PlusDomain.

https://developers.google.com/+/domains/authentication/

How would you integrate these two authentication processes? This is for a web application (JavaScript) with a Google App Engine (Java) backend.

Ideally, I would like to get the bio / profile information of users through my JS app when the user is disconnected.

Use case: I have a comment stream where each comment stores the author in the Google Data Warehouse as an object com.google.appengine.api.users.User. However, when I create a comment thread in my JS web application, I would like to show a profile picture for each author. If I could call from the web app to get the bio for each commenter, I could save a lot of work on the backend. The web app will have a custom object as JSON, which includes a user ID and email address.

+3




1 answer


So your use case:

  • your users authenticate to your application by providing the basic userinfo.profile needed to get the object com.google.appengine.api.users.User correctly retrieved in your endpoint API.
  • you store these user objects in the db, and when you fetch them to display the stream they commented, you want to make a call to the Google+ people.get API to get their image URL.

Solution: If your users were given an OAuth stream that gave them the required scope to call the Google+ API (profile) in addition to the "userinfo.profile" scope with regular endpoints, there would be no need to call the Google+ API, either from JS or Java using the Google API client libraries after going through this flow to get the credentials.



To avoid re-authenticating them every time, you must serialize and store the credential object from the given language, or you can even just track the refresh token for your grant and go through the low-level OAuth dance to get a new access token (you probably want to do the first, since it does it for you).

As stated elsewhere on the internet (in some other places), the user ID from the User object does not match the Google+ profile ID, so keep that in mind when working with the User endpoints parameters. Therefore, you will not be able to use the user ID from the User object to call people.get.

Instead, you must save the user's Google+ profile ID at the time they first logged in, or at least went through the OAuth flow that provided the required Google+ realm along with the User object you already used. You will need to use (or) serialized credential objects or refresh / access tokens to call the Google+ API after getting the Google+ profile ID from each user data model in your store (no matter which solution you use, from Datastore to SQL, etc.)

+3
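The storage step described in the answer above, as an added example that is not part of the answer and not code from any Google library: a per-user record saved at first login, a lookup that never falls back to the App Engine user ID, and the form body of a refresh-token grant (RFC 6749, section 6). The class, record and method names are hypothetical, the in-memory map stands in for Datastore or SQL, and all sample values are constructed.

```java
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.util.Map;
import java.util.Optional;
import java.util.concurrent.ConcurrentHashMap;

public class StoredGrantExample {
    // Hypothetical record saved when a user first completes the OAuth flow.
    record StoredGrant(String appEngineUserId, String plusProfileId, String refreshToken) {}

    // Stand-in for Datastore/SQL, keyed by User.getUserId(). Encrypt refreshToken at rest.
    static final Map<String, StoredGrant> STORE = new ConcurrentHashMap<>();

    static void saveAtFirstLogin(String userId, String plusProfileId, String refreshToken) {
        if (plusProfileId == null || plusProfileId.isBlank()) {
            throw new IllegalArgumentException("capture the Google+ profile ID during the flow");
        }
        STORE.put(userId, new StoredGrant(userId, plusProfileId, refreshToken));
    }

    // ID to pass to people.get. Empty when nothing was stored: the App Engine
    // user ID is a different identifier and must not be used as a fallback.
    static Optional<String> profileIdFor(String userId) {
        return Optional.ofNullable(STORE.get(userId)).map(StoredGrant::plusProfileId);
    }

    // Form body of a refresh-token grant (RFC 6749, section 6), sent server-side only.
    static String refreshRequestBody(StoredGrant g, String clientId, String clientSecret) {
        return "grant_type=refresh_token"
            + "&refresh_token=" + enc(g.refreshToken())
            + "&client_id=" + enc(clientId)
            + "&client_secret=" + enc(clientSecret);
    }

    private static String enc(String s) {
        return URLEncoder.encode(s, StandardCharsets.UTF_8);
    }

    public static void main(String[] args) {
        // Constructed sample values, not real identifiers or tokens.
        saveAtFirstLogin("ae-user-1001", "plus-profile-2002", "sample/refresh+token");
        System.out.println(profileIdFor("ae-user-1001").orElse("(none)"));
        System.out.println(profileIdFor("ae-user-9999").orElse("(none)"));
        System.out.println(refreshRequestBody(STORE.get("ae-user-1001"),
            "sample-client-id", "sample-client-secret"));
    }
}
```

Only the value returned by profileIdFor (or the picture URL fetched with it) belongs in the JSON sent to the JS client; the refresh token and client secret stay on the backend.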

