How to use authentification on Google App Engine

Question

I'm looking for a good example, documentation or starting point for the following scenario.

1. My own Google App (Java Servlet) running within Google App Engine

2. SSL activated for this app

3. A mobile Android app talking to my Google App

4. OAuth or other?

My problem is step 4. Somehow I want to make sure that only my Android app is allowed to talk to my Google App and depending on the user on the mobile device I have to restrict the privileges.

But I couldn't find a "very simple" "easy to start" documentation. Would be glad if someone gives me a hint. A very short example would be great.

Answer 1

The best place to start for this is the Cloud Endpoints documentation. This is the best way to implement an API for an Android application, because it auto-generates the serialization/deserialization for you as well as the Android client library code necessary to make the requests. You'll notice as you look through the documentation that you can specify a "User" object as a parameter, which will automatically be injected with the logged-in user. Furthermore, the "clientIds" and "audiences" allow you to restrict the API to applications which you authorize.