Getting Oauth token in app engine endpoints

Question

I am looking for a way of obtaining the OAuth2 token from an app engine java endpoint.

I am aware of doing this, for example:

@ApiMethod(name = "getMyResponse", path = "getMyResponse", httpMethod = ApiMethod.HttpMethod.GET)
public MyResponse getMyResponse(final User user, HttpServletRequest request)
        throws UserUnauthorizedException {
    String authorizationHeader = request.getHeader("Authorization");
    String token = authorizationHeader.substring(7);
    //do something with the token here
}

However, i am looking for something a bit more "civilized", than parsing strings from the HTTP header (like using some API, for example). Any ideas?

score 0 · Accepted Answer · answered Jul 17 '15 at 06:05

0

If all you need to do is get the token, but that seems uncivilized, then I'd suggest writing it yourself. Any API you could possibly use would only add weight to your codebase. I would simply write a helper function like :

private static String getToken (HttpServletRequest req){
   String authorizationHeader = req.getHeader("Authorization");
   String token = authorizationHeader.substring(7);
   return token;
}

and then in your code just reference

String token = getToken(request);

and your code is now civilized.

answered Jul 17 '15 at 06:05

Japes

255
2
16

That's certainly useful. Thanks. However, my main concern is portability of this code. Is it guaranteed to work across various clients ? (i.e. android, web, etc.). What if there will be some variation in how this token is formatted? It's a complex world, you know. I have no idea if that header will stay constant like this for eternity. I did some investigation and this: https://developers.google.com/identity/protocols/OAuth2UserAgent basically specifies what the protocol will look like, so that's reassuring. But still.. What we're doing here doesn't feel like someting very portable. – my chalupa Jul 17 '15 at 10:14
http headers are standardized and this would be stable. i suggest you look at the http documentation. After that, if you would agree, I'd appreciate it if you selected my answer as correct. good luck – Japes Jul 21 '15 at 02:53

Getting Oauth token in app engine endpoints

1 Answers1