Authenticating my android client to connect to an endpoint

Question

I am developing an android app for an online Newspaper company. The company already developed and hosted their APIs on the Google App Engine with OAuth 2.0 support.
So I am to develop an android app that communicates with their deployed backend API with OAuth 2.0 support and fetch the contents Response from their assigned Google API Explorer.

so according to the Google cloud endpoints documentation for android clients(like my app) trying to make authenticated calls to the endpoints with OAuth 2.0 support, I was directed to:

1. Configure my Android Client(my android app) to provide credentials to the service object
2. se the account picker to support user choice of login accounts.

I followed the instructions on the Google Cloud Endpoint website but I didn't understand the sample codes that was used to explain, so I tried coming up with this:

class EndpointsAsyncTask extends AsyncTask<Void, Void, Void>{

       @Override
       protected Void doInBackground(Void... params) {

           HttpTransport httpTransport = new NetHttpTransport();
           JsonFactory jsonFactory = new  AndroidJsonFactory();


           try {
               GoogleCredential credential = new GoogleCredential.Builder()
                       .setTransport(httpTransport)
                       .setJsonFactory(jsonFactory)
                       .setServiceAccountId(CLIENT_EMAIL)
                       .setServiceAccountScopes(Collections.singleton("https://www.googleapis.com/auth/userinfo.email"))
                       .setServiceAccountPrivateKeyFromP12File(new File("file.p12"))
                       .build();

           /*so now what do I do with the credential object 
          and how do I set the root URL (https://project-id-endpoints.appspot.com/_ah/api)
          that the android client(this android app)
         will connect to in the backend API call
         */

           }
           catch(GeneralSecurityException gse){
               gse.printStackTrace();
           }
           catch(IOException ioe){

           }


           return null;
       }

       @Override
       protected void onPostExecute(Void aVoid) {
           super.onPostExecute(aVoid);

       }
   }

whenever I run my codes, the log report on the Google Developer Console is saying

"Uauthorised access" meaning the authentication call is not working...

Below is my code for opening a GET URL connection to one of the API service content:

public String open() throws IOException{

        InputStream inputStream = null;
        int len = 500;

        try {
            URL url = new URL("https://project-name-api-endpoints.appspot.com/_ah/api/core/v5.1.1/info/category/en");

            URLConnection urlConnection = url.openConnection();

            inputStream = urlConnection.getInputStream();

            String content = readIt(inputStream, len);

            return content;
        }//end try

        finally {
            if(inputStream != null)
            {
                inputStream.close();
            }
        }

    }

The question I have is:

What do I do with the credential object and how do I set the root URL (https://project-id-endpoints.appspot.com/_ah/api) that the android client(this android app) will connect to in the backend API call

Answer 1

The problem is that you are not using those credentials you set up when calling the endpoint. That connection you are making is completely unaware of all the OAuth settings and wonderful stuff you get from endpoints + Android.

Ideally what you need to do is:

1) Create the client libraries for Android from your endpoints (As explained here). Do not make "manual" (through URLConenction) calls to your endpoints, although it's technically possible it's absolutely not recommended.

2) With those libs (jars) included in your project all you need to do is call whatever method you need (as explained here) and the libraries will include all required authorization headers, etc based on your app settings. You don't need to worry about anything else regarding OAuth.

TIP: Make sure to include all of your developer's SHA debug signatures on the authorization on Google console. If you don't, you'll only be able to call the endpoints from your "prodcution" app.