I'm trying to split a monolith Google App Engine application (using Python & standard environment) into several services within one application. Default service is calling API implemented using the Endpoints framework in another service.
Everything works nicely except that I don't understand how to correctly check authentication of the default service (and make it work both in local development server and in production).
To call the service I'm using google-api-python-client
and default application credentials.
from googleapiclient.discovery import build
from oauth2client.client import GoogleCredentials
service = build(
name, version,
credentials=GoogleCredentials.get_application_default(),
discoveryServiceUrl=discovery_url)
service.client_token().execute()
My service API code looks like the following
@endpoints.api(
name='test',
version='v1',
)
class TestApi(remote.Service):
@endpoints.method(
message_types.VoidMessage,
TestResponse,
path='test',
http_method='GET',
name='test')
def get_test(self, request):
# user = endpoints.get_current_user()
# if not user:
# raise endpoints.UnauthorizedException
return TestResponse(test='test')
In production endpoints.get_current_user()
seems to return a correct application user, but I don't know how to correctly validate that it's the same application. In local development environment endpoints.get_current_user()
returns None
.
You're doing it wrong. You're defining
user
, but not using it.The following example greets a user who has signed in to the app with a personalized message and a link to sign out. If the user is not signed in, the app offers a link to the sign-in page for Google Accounts.
If you use the
from google.appengine.api import users
module:When creating a
user
you still need to check if it's empty or not. Plususer
stores different values. So you just need to make a call to them and define them.If you have pages that require the user to be signed in in order to access, you can enforce this in your app.yaml file.
By default, your app will use Google Accounts for authentication. To choose another option, such as Google Apps domain, go to the settings page for your project in the Google Cloud Platform Console and click
Edit
. In the Google authenticationdropdown menu
, select the desired authentication type, and then clickSave
.You could however also use the Tipfy framework.