RESTful API Security in Google App Engine

I am trying to figure out how to implement the following authentication flow:

  • The user accesses the web application (most likely it will be written using Ruby on Rails) and authenticates (for example, username / password).
  • The client consumes, through AJAX, data provided by the RESTful API built on Google App Engine (Python, webapp2).


Requirements:

  • Only authenticated web application users (Rails) should have access to the API hosted by App Engine.
  • Users can have different roles in a web application (Rails), and the API (App Engine) needs to know which roles are associated with a given user in order to restrict access to certain data.
  • API (App Engine) AJAX, - (Rails).

, . OAuth ( OAuth2) API? OAuth App Engine - (Rails) API ? , - (Rails) OAuth? ?

. OAuth .

+5
2

, API, Google App Engine, OAuth . , . OAuth GAE - Google "". Google . . , , , , .

+1

, (, OAuth):

  • RoR . RoR, 60 .
  • ( AJAX) webapp2. , .
  • webapp2 RoR, , .
  • RoR , , . , RoR .
  • RoR , webapp2 AJAX ( 2) cookie, , . .
  • webapp2 cookie, .
0
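The token-plus-cookie flow sketched in this answer, as an added example that is not part of the original post or of either project: the Rails side, after login, mints a signed and time-limited token carrying the user id and roles, and the webapp2 side verifies the signature and expiry on each AJAX request before applying a role check. It assumes a shared HMAC secret known to both services and a one-hour lifetime (the "60" in the answer is taken to be minutes); the Rails-side `issue_token` is written in Python here only so the two halves can be run together.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed shared secret for this example; both the Rails app and the
# App Engine service would load it from configuration, never from code.
SHARED_SECRET = b"example-shared-secret-change-me"
TOKEN_LIFETIME_SECONDS = 60 * 60  # assumed one-hour lifetime


def _b64(data):
    return base64.urlsafe_b64encode(data).decode().rstrip("=")


def _unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(user_id, roles, now=None):
    """Rails side, after a successful login: sign user id, roles and expiry."""
    now = time.time() if now is None else now
    claims = {"sub": user_id, "roles": sorted(roles),
              "exp": int(now) + TOKEN_LIFETIME_SECONDS}
    payload = _b64(json.dumps(claims, sort_keys=True,
                              separators=(",", ":")).encode())
    sig = hmac.new(SHARED_SECRET, payload.encode(), hashlib.sha256).digest()
    return payload + "." + _b64(sig)


def verify_token(token, now=None):
    """webapp2 side, on every request: return the claims, or None if the
    token is malformed, not signed with the shared secret, or expired."""
    now = time.time() if now is None else now
    try:
        payload, sig = token.split(".", 1)
        given = _unb64(sig)
    except ValueError:  # no separator or bad base64 (binascii.Error is a ValueError)
        return None
    expected = hmac.new(SHARED_SECRET, payload.encode(), hashlib.sha256).digest()
    # Constant-time comparison so the check does not leak timing information.
    if not hmac.compare_digest(given, expected):
        return None
    claims = json.loads(_unb64(payload))  # safe to parse: signature verified
    if claims.get("exp", 0) <= now:
        return None
    return claims


def authorize(token, required_role, now=None):
    """Role check for a protected API resource (requirement 2 above)."""
    claims = verify_token(token, now)
    return claims is not None and required_role in claims.get("roles", [])
```

The token would travel in the cookie the answer mentions (or an Authorization header); nothing in the cookie is trusted until `verify_token` accepts it.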
