Unauthenticated call to Endpoint working for an API method with authentication

Question

I am facing issue with Endpoints authentication.

This is the api code I am using

@ApiMethod(name = "myapiname.myapimethod", scopes = { Constants.EMAIL_SCOPE }, clientIds = {
        Constants.WEB_CLIENT_ID, Constants.ANDROID_CLIENT_ID,
        Constants.API_EXPLORER_CLIENT_ID }, audiences = { Constants.ANDROID_AUDIENCE })
public Result myapimethod(User user) throws OAuthRequestException, IOException {

    // some work

    return new Result();
}

In API explorer, it shows that the method requires Authorization, but it is getting successfully executed even without authorizing the request in API explorer.

Any help will be highly appreciated.

Thanks in advance.

Answer 1

Adding an User parameter alone won't check if the endpoint request is authenticated, we need to check that ourselves refer the documentation https://developers.google.com/appengine/docs/java/endpoints/auth#Java_Adding_a_user_parameter_to_methods_for_auth

`If an incoming client request has no authorization token or an invalid one, user is null. In your code, you need to check whether user is null and do ONE of the following, depending on the condition:

• If the user is present, perform the authorized action.

• If the user is null, throw an OAuthRequestException.

• Alternatively, if the user is null, perform some action for an unauthorized client access if some sort of unauthorized access is desired.`