Reputation: 607
Endpoints API with authentication
My question is : can I use endpoints API or a service with OAuth protocol in general, in sort of that i not need to authenticate the user all time that it send a request to the server but only the first time and for the other times I will use type of token or whatever to use the server directly without check oaut. ALl that in a secure way of course. the process of check oaut is slowing the response.
Thanks
Upvotes: 0
Views: 224
Answers (1)
Reputation: 9183
It depends what you mean by "authenticate the user". OAuth as implemented by Endpoints (and demonstrated with samples) suggests you authenticate the user the first time they use the application (either at install time, or each time they load the app in the browser). From then on, the identity of the user is represented by a token, managed by the client library, and sent along with each request. The server will always verify this token to determine who is making the request, but it does not require user-facing interaction.
If you're asking whether you can use OAuth without continually making the user identify themselves (via an OAuth popup, etc.), yes, this is the way it works by default in the samples.
If you're asking whether you can use OAuth without verifying the tokens on each request, you could, but it's not worth doing, because it doesn't get you a lot from a security perspective or save you much performance-wise.
Upvotes: 1
Related Questions
- Cloud Endpoints Authentication
- User Authorization for Cloud Endpoints
- Google Endpoints API Authentication to other APIs
- Google App Engine: Endpoints authentication with ID and password
- How to generate OAuth2.0 Bearer when calling App Engine Endpoints API?
- GAE User API with OAuth2
- Google App Engine: Endpoints authentication when custom auth or Open ID is used
- Using Auth with Endpoints
- Authorizing google cloud endpoints API access without user sign in
- How to add authentication to google cloud endpoints?