Correct way to pass OAuth2 authentication to my App Engine server's UserService?


Nick Badal

Sep 12, 2014, 3:30:03 PM
to google-a...@googlegroups.com
I'm building a backend for an Android app using GAE (Java), and I'd like to authenticate users on the client and server with their Google accounts.

Before OAuth2, you were able to use a Cookie retrieved from the _ah/login endpoint to authenticate users into your web app, but that method is deprecated and I'd like to be able to use the updated OAuth2 method.

In my Android app I've been able to generate a JSON Web Token using the following line:
String jwt = GoogleAuthUtil.getToken(FamiliarActivity.this, Plus.AccountApi.getAccountName(mGoogleApiClient), "audience:server:client_id:1234567.apps.googleusercontent.com");

or an OAuth token:
String oauth2 = GoogleAuthUtil.getToken(FamiliarActivity.this, Plus.AccountApi.getAccountName(mGoogleApiClient), "oauth2:server:client_id:1234567.apps.googleusercontent.com:api_scope:https://www.googleapis.com/auth/plus.login");

But, I haven't been able to figure out a way to use a token like this to trigger authentication in GAE like the Cookie used to. The documentation seems to indicate passing it as a header: "Authorization: Bearer <TOKEN>" but that doesn't seem to work.

I'd like to be able to prompt my users with the permissions they're allowing, send that info (I'd assume via the OAuth2 token) to my server, and be able to obtain that user via the UserService.

What is the correct way to retrieve and pass a token to my GAE endpoint so that it authenticates the user?

Thanks! :)

pankaj anand

Sep 13, 2014, 3:20:46 PM
to google-a...@googlegroups.com

Nick Badal

Sep 15, 2014, 2:34:14 PM
to google-a...@googlegroups.com
Right, that method works for authenticating directly to Google APIs; but like I said, it doesn't seem to work with GAE's UserService.

Nick Badal

Dec 1, 2014, 12:44:21 PM
to google-a...@googlegroups.com
Does anybody know if this is possible?

John Louis Del Rosario

Dec 1, 2014, 10:36:05 PM
to google-a...@googlegroups.com
We use Python but we recently had to migrate from using OpenID to OAuth2. The Users service doesn't work with OAuth2 (yet?).
Basically we had to stop using the built-in Users service and re-create the functionality with OAuth2 behind the scenes.
It was a pain and took a lot of time.

Vinny P

Dec 2, 2014, 1:29:01 AM
to google-a...@googlegroups.com
On Mon, Dec 1, 2014 at 11:44 AM, Nick Badal <bada...@gmail.com> wrote:
Does anybody know if this is possible?

On Mon, Dec 1, 2014 at 9:36 PM, John Louis Del Rosario <joh...@gmail.com> wrote:
We use Python but we recently had to migrate from using OpenID to OAuth2. The Users service doesn't work with OAuth2 (yet?).
Basically we had to stop using the built-in Users service and re-create the functionality with OAuth2 behind the scenes.


+1. As John said, UserService isn't compatible with oauth2 right now. 

In your original post you described attempting to use a Bearer token header; that's the correct design for oauth2 but there's no evidence that UserService utilizes that header or even pays attention to it. You'll need to use one of the auth flows described here: https://developers.google.com/accounts/docs/OAuth2
 
 
-----------------
-Vinny P
Technology & Media Consultant
Chicago, IL

App Engine Code Samples: http://www.learntogoogleit.com
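
An added example, not part of the thread and not any poster's code: one way to re-create the UserService lookup on the server is to verify the ID token that the "audience:server:client_id:..." call in the original post produces. It assumes the google-api-client library is on the classpath; the class name `IdTokenAuth`, the method `authenticatedSubject` and the Android client ID value are hypothetical placeholders.

```java
import com.google.api.client.googleapis.auth.oauth2.GoogleIdToken;
import com.google.api.client.googleapis.auth.oauth2.GoogleIdTokenVerifier;
import com.google.api.client.http.javanet.NetHttpTransport;
import com.google.api.client.json.gson.GsonFactory;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.util.Collections;
import javax.servlet.http.HttpServletRequest;

/** Added example: resolves the caller from a Google ID token instead of UserService. */
public final class IdTokenAuth {
  // The server (web) client ID used in the post's "audience:server:client_id:" scope.
  private static final String SERVER_CLIENT_ID = "1234567.apps.googleusercontent.com";
  // Placeholder (assumption): the Android app's own client ID, expected in the "azp" claim.
  private static final String ANDROID_CLIENT_ID =
      "ANDROID_CLIENT_ID_PLACEHOLDER.apps.googleusercontent.com";

  // verify() checks the signature against Google's published keys, the issuer,
  // the expiry time and that "aud" is our server client ID.
  private static final GoogleIdTokenVerifier VERIFIER =
      new GoogleIdTokenVerifier.Builder(new NetHttpTransport(), GsonFactory.getDefaultInstance())
          .setAudience(Collections.singletonList(SERVER_CLIENT_ID))
          .build();

  private IdTokenAuth() {}

  /** Returns the stable Google account ID ("sub"), or null if the request is not authenticated. */
  public static String authenticatedSubject(HttpServletRequest req) throws IOException {
    String header = req.getHeader("Authorization");
    if (header == null || !header.regionMatches(true, 0, "Bearer ", 0, 7)) {
      return null; // no bearer token supplied
    }
    try {
      GoogleIdToken idToken = VERIFIER.verify(header.substring(7).trim());
      if (idToken == null) {
        return null; // bad signature, wrong audience or issuer, or expired
      }
      GoogleIdToken.Payload payload = idToken.getPayload();
      // Reject tokens minted for a different client app, even if "aud" matches.
      if (!ANDROID_CLIENT_ID.equals(payload.getAuthorizedParty())) {
        return null;
      }
      return payload.getSubject();
    } catch (GeneralSecurityException | IllegalArgumentException e) {
      return null; // malformed token or signature check failed: treat as anonymous
    }
  }
}
```

Key application data on the returned `sub` value rather than the e-mail address, and treat a `null` result as an unauthenticated request.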
