Protecting an endpoint with OAuth2
Even if our REST API seems quite complete, a critical component is missing in our implementation: any client in fact is currently able to retrieve all the notes stored in the Datastore without providing authentication and regardless of being or not the owner of those notes. Moreover, until we don't provide authentication for our REST API, creating a note will be impossible because we need an authenticated user to create an entity in the note_create() method of the NotesApi class. We can easily fill this gap in our requirements because Cloud Endpoints provides support to protect all or part of our API with the OAuth2 authorization framework.
The first step to provide protection to our API is to specify which clients ...
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Read now
Unlock full access