Stephen Asherson

Reputation: 1567

iOS Google cloud Endpoint Authenticated API call using local dev server

I've implemented a cloud endpoint with some calls requiring Google user authentication and I now want to test these calls using an iOS application. So far I've followed all the steps in the documentation and I've managed to get the user OAuth sign-in working from the app; however, when I attempt to subsequently make an API call against the local dev server (localhost:8888), I get the following error:

Cannot authorize request with scheme http

From what I have read, auth will not work with an http scheme and requires https. So my questions are: is it possible to use https with the local dev server? Or, is there something else I have missed that will allow me to test user authentication in a local environment?

Any help is greatly appreciated. Cheers.

Upvotes: 1

Views: 506

Answers (1)

Stephen Asherson

Reputation: 1567

Thanks for your assistance @bossylobster. I had always been using http on the local dev server; however, the real problem was that the iOS OAuth2 library would not authorize non-https requests, which meant I could not test authenticated calls locally.

I eventually found a flag in the GTMOAuth2Authentication class of the iOS OAuth2 library which allows the library to authorize all requests (including non-https):

```objc
// Property indicating if this object will authorize plain http request
// (as well as any non-https requests.) Default is NO, only requests with the
// scheme https are authorized, since security may be compromised if tokens
// are sent over the wire using an unencrypted protocol like http.
@property (assign) BOOL shouldAuthorizeAllRequests;
```

By default this flag is set to false/NO. To update this flag to work with my requests, I changed its value in the OAuth callback method prior to making API requests:

```objc
- (void)viewController:(GTMOAuth2ViewControllerTouch *)viewController
      finishedWithAuth:(GTMOAuth2Authentication *)auth
                 error:(NSError *)error {
    [self dismissViewControllerAnimated:YES completion:nil];

    if (error != nil) {
        // Authentication failed
        // ...
    } else {
        // Authentication succeeded
        // ...

        // TODO: for development purposes only to use non-https....remove for release.
        auth.shouldAuthorizeAllRequests = YES;

        // Make some API calls
        // ...
    }
}
```

Once I had made this change, the iOS library authorized non-https requests to the local dev server. It is important to note that this flag should only be used for development purposes.

Upvotes: 3
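
One way to make the "remove for release" TODO in the answer above enforce itself, as an added example that is not part of the original answer or of the GTM OAuth2 library. The helper names `IsLoopbackURL` and `ConfigureAuthForEndpoint` are hypothetical, and the code assumes the `DEBUG` preprocessor macro is defined only in development builds (as in Xcode's default Debug configuration).

```objc
#import <Foundation/Foundation.h>
#import "GTMOAuth2Authentication.h"

// Hypothetical helper (not part of the library): YES only for a loopback
// host, so a token sent over plain http never leaves the development machine.
static BOOL IsLoopbackURL(NSURL *url) {
    NSString *host = url.host.lowercaseString;
    if (host.length == 0) {
        return NO;
    }
    return [host isEqualToString:@"localhost"] ||
           [host isEqualToString:@"127.0.0.1"];
}

// Hypothetical helper: call this from the OAuth callback instead of setting
// the flag directly. apiBaseURL is the endpoint root the app is configured
// to call, e.g. http://localhost:8888 during development.
static void ConfigureAuthForEndpoint(GTMOAuth2Authentication *auth,
                                     NSURL *apiBaseURL) {
    // Start from the library default: only https requests are authorized.
    auth.shouldAuthorizeAllRequests = NO;

#if DEBUG
    // Messaging a nil scheme would compare as "equal", so check it first.
    NSString *scheme = apiBaseURL.scheme;
    BOOL isPlainHTTP = scheme != nil &&
        [scheme caseInsensitiveCompare:@"http"] == NSOrderedSame;

    // The flag applies to every request this auth object signs, not just to
    // apiBaseURL, so enable it only when the configured endpoint is local.
    if (isPlainHTTP && IsLoopbackURL(apiBaseURL)) {
        auth.shouldAuthorizeAllRequests = YES;
        NSLog(@"[DEV] Authorizing non-https requests for host %@",
              apiBaseURL.host);
    }
#endif
}
```

In a release build the `#if DEBUG` block compiles out, so the auth object keeps the https-only default even if the development endpoint URL is left in the configuration.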
