Using appengine and google identity platform as a mobile app backend

Question

I'm sending SOS message in a bottle here but who knows...

So I'd like to use an AppEngine application as the backend for a mobile app (available on ios and android, but no browser-based app so far).

I'd like to support anonymous users as well as users signed in with different provider (Google, Facebook and the traditional username/password).

So Google Identity Toolkit seems like the way to go... I managed to get the identity toolkit demo running on ios (shame on you Google for not providing a Swift Framework...), yet I still don't get how it fit in an AppEngine application:

• on the appengine side how do I check whether a request come from a signed-in user or from an anonymous one ?

• The AppEngine OAuth service documentation mentions the OAuth2 'Authentication: Bearer' token but the Google Identity Toolkit return an 'Google Identity ID token' if I'm correct. Plus, which API provides the OAuthService thing mentioned in the doc ? Any maven repository info is welcome...

• if Google Identity Toolkit is not the way to go, meaning I have to build a custom solution, should I use the authorization code flow with the oauth client being my mobile app ? Should I build a custom session implementation ?

Thanks a lot for any help

Brieuc

Answer 1

Here is the python version of what I think you're wanting

• Client received the auth_token from provider
• Client sends it to your app-engine backend
• App engine uses token to get user profile from provider
• Creates user account
• Generates private bearer token & returns it to client
• Client ads this token to http auth header for all api requests
• Backend uses this private token to identify & load user.

If I have any of this wrong, please clarify here because I'm trying to understand this as well.