Protecting an endpoint with OAuth2
Even if our REST API seems quite complete, a critical component is missing in our implementation: any client in fact is currently able to retrieve all the notes stored in the Datastore without providing authentication and regardless of being or not the owner of those notes. Moreover, until we don't provide authentication for our REST API, creating a note will be impossible because we need an authenticated user to create an entity in the note_create()
method of the NotesApi
class. We can easily fill this gap in our requirements because Cloud Endpoints provides support to protect all or part of our API with the OAuth2 authorization framework.
The first step to provide protection to our API is to specify which clients ...
Get Python for Google App Engine now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.