Reputation: 12660
Authenticating to Google Cloud Endpoints as iOS app (not user with Google account credentials)
One of my iOS apps contacts one of my services using Google Cloud Endpoints and I would like to restrict access to that service to instances of the app.
I've followed instructions about adding authorization and have created an iOS client ID that is tied to my app's bundle id and app store id. I've now difficulties understanding this part of the instructions:
If your iOS app is making calls to an Endpoint that requires authentication, you must Add a Sign-in Dialog to your iOS client.
I do not want my users to log in but instead I want my app to present its credentials to the service for authentication without user interaction. I thought since the client ID is (presumably cryptographically) tied to the client ID and bundle ID only the app is (somehow) able to do so and that the client ID would effectively serve like a service account.
Is this type of app (not user) authentication scenario supported by Google Cloud Endpoints (for iOS clients) or do I have to roll my own app authentication by passing some secret in the application-level protocol? Here are some earlier related (unanswered) questions for Android clients.
Upvotes: 3
Views: 995
Answers (1)
Reputation: 12660
I have concluded for now that Google Cloud Endpoints allows authentication only based on Google account credentials. What I need is a credential for the entire app (not its users) akin to a service account or an API key.
I have used service accounts for server-to-server communication. It does not seem possible to create service accounts for an app (as opposed to a GAE application).
GTLService has a property APIKey. However, if my client sets it to a public access key (iOS key) that I created for my GAE application in Google Developer Console the server returns error Access Not Configured. Please use Google Developers Console to activate the API for your project but there is no (obvious) way for configuring non-Google APIs such as my service API.
So until further notice I will add an API key to my application-level API requests and check it in each @ApiMethod.
Upvotes: 1
Related Questions
- How do I make authenticated calls to Google Cloud Endpoints from an iOS client using Google Sign-in for iOS?
- Why isn't a Mobile App Authentication/Authorization supported by Google Cloud Endpoints?
- how to use basic authentication in Android/IOS app with Google Cloud EndPoints(java)
- iOS Google Cloud Storage API Service Account Access
- Google Endpoints in iOS with Google Sign-in
- Authenticating your client to Cloud Endpoints without a Google Account login
- iOS Google cloud Endpoint Authenticated API call using local dev server
- Authorizing google cloud endpoints API access without user sign in
- Endpoints API with authentication
- Endpoints User Authentication