I refer to @MinWan's wonderful answer to this post, Google Cloud Endpoints and user authentication, where he describes how to add custom headers to a request against the App Engine Endpoints cloud.
It is clear that we can add a custom header and write an authenticator for each service (for example, Google, Twitter, Facebook) against which we want to confirm, where each authenticator reads a specific header and authenticates against this service. If the token is valid, the service usually returns a response with an email address or user ID, as well as additional information [A], from which we create a com.google.api.server.spi.auth.common.User, which is later passed to the endpoint methods as a com.google.appengine.api.users.User.
First question: why do we have two different user objects, for example, users with different namespaces? These are apparently not sub/superclasses, so they are probably clearly hidden behind the scenes.
Second question: the problem associated with the explicit nature of the user, and the fact that there is no special field where I could add the additional information [A] returned by the service, is that the additional information is lost. Such additional information may be useful for mapping the user of an external OAuth2 service to a local user or to OAuth2 users returned by other services.
Any input? What is the proposed way to handle multiple authentication services?
authentication google-app-engine google-oauth facebook-authentication google-cloud-endpoints
Oliver Hausler, Feb 11 '15 at 3:00