GAE Endpoints, Python, Gitkit with IOS app

[Dewey Gaedcke]

What I have working now:

• IOS client passes me a Facebook or Google User token
  
• Simpleauth calls out to the IDP and verifies that token (plus loads /me) 
  
• Simpleauth returns me a user profile record with several data elements
  
• I can now find or create a user in ndb
  
• And return a bearer token to the IOS client
  
• Client uses this bearer token in the http header for subsequent endpoint requests....

That all works great......but we're switching to gitkit and that is not going nearly so smoothly.....

Problem:  when my IOS client passes me a gitkit token, simple auth has no clue what to do with it....except throw an error

Neither do I and I've been searching and reading for 3 days now and I'm getting tired....

I would greatly appreciate a simple Python example showing me:

• how to convert gtoken into a user object (in memory)
  
• how to uniquely identify that user object to see if he's already been stored in ndb
  
• what fields/properties are available on that user object to use in creating or updating my ndb record
  

I'd also like to know if the "login" code above should reside at a normal Webapp2 (REST) route, or if it should be a Cloud Endpoint method.

Finally, can I be certain that when the same user logs in again, and (I presume), gitkit generates a new gtoken, that gitkit will find/return the same user again.

Thanks immensely for any help...

D

[Ying Hao]

Here is sample python code that can verify gtoken: https://github.com/google/identity-toolkit-python-client/tree/master/identitytoolkit.

Here is a list of all fields that are being returned by Gitkit: https://developers.google.com/identity/toolkit/web/reference/relyingparty/verifyAssertion#request-body

All these fields are potentially accessible with GitkitClient, while not all fields are supported in the client library as of now.

Yes, you can be sure that the same user always has the same localId.