Reputation: 12081
App Engine OAuth provider CORS
I've setup a small App Engine web application that provides an API for a certain task. My goal is to connect to this using a static web front-end and several native client applications. For authentication I'm using the built-in OAuth provider.
Consumer tokens for the clients have been created using the Google APIs Console.
A ruby script used for API testing is successfully authenticating and able to request data from OAuth protected API urls.
However trying to access the /_ah/OAuthGetRequestToken using javascript from a different host results in a CORS security exception:
Origin http://exampledomain.nl is not allowed by Access-Control-Allow-Origin.
The domain the html/javascript is hosted on has been specified in the JavaScript origins field of the consumer in the API Console. I've verified it matches the domain the CORS error complains about exactly.
- Is App Engine OAuth ignoring the
JavaScript originsor am I missing something here? - Or is it possible to authenticate a (static) client side javascript application to app engine OAuth in another way?
Upvotes: 2
Views: 590
Answers (1)
Reputation: 9183
Your use case seems like a good fit for Google Cloud Endpoints. The Google API client libraries, which work directly with Endpoints, will handle the details of minting tokens for your applications. Endpoints also natively supports CORS.
Upvotes: 1
Related Questions
- Google App Engine and CORS
- Manage CORS between Google App Engine & Google Cloud Function
- How do I set up a GCP App Engine instance with CORS?
- How to handle CORS in a service account call to Google oAuth?
- How to allow CORS in Google Cloud Endpoints?
- App Engine Endpoint enable CORS
- How to enable CORS with Cloud Endpoints?
- Implementing CORS in Google App Engine server
- OAuth in google app engine
- CORS in App Engine application (python)