3

My overall goal is to create a mobile and web app that allows for multiple identity providers (google, Facebook, email/password) and uses a google cloud endpoint (python) that preform a user authorization check. I am trying to figure out the best method of doing this.

Is it possible to use the google identity tool kit to preform the user authorization check within the endpoint that I want to secure? I cant seem to figure out how I would go about doing this. As far as I know I would not be able to call the endpoints.get_current_user() to validate the user as it will only work with google+ logins.

I am also open to other suggestions (not using identity tool kit)

Any help would be really appreciated

Thank you

Sundeep Balsara
  • 33
  • 2
  • Do you have any code yet, or are you just investigating? If you have something at all, even if it's only kind of working, it would help to include it here. – zck Jun 12 '15 at 18:12

1 Answers1

2

You are correct that you cannot use the endpoints.get_current_user() method to validate an Identity Toolkit user.

To use Identity Toolkit with Cloud Endpoints, you should use the built in sessions to represent the user.

After Identity Toolkit authentication is complete at the client, you should send the ID token to a "login" endpoint, validate the token, then create a new session that you include on subsequent requests.

dsalama
  • 242
  • 1
  • 6