I know the endpoints module has a get_current_user function, but as far as I know, the user object has no property or method to find out if the user is an admin.
Asked
Active
Viewed 181 times
1
bigblind
- 12,539
- 14
- 68
- 123
1 Answers
0
The first answer to this question was very helpful to me. It requires that you use the google+ sign in button, but that's a good temporary sollution. The reason I'd like to work something else out, is because I want to use this for admin console pages, in which case, the admin is already logged in to google, so having a google+ login button there looks weird.
An other way to implement this would be to make my own oauth system, where a script in the admin page makes a request to a a normal requesthandler, which requests if the user is an admin, and if so, returns a sort of admin token, which grants the user access to my endpoints methods. With every endpoints request, I'm already using such a token system in the user facing part of the application, because I can't use google accounts for the app. The token is only valid for a limited amount of time, and a limited number of requests.
-
2You don't need Google+ Sign-In. You just need to use Bearer tokens and avoid ID tokens. Unfortunately, you must use ID tokens on Android. – bossylobster Jun 22 '13 at 06:40