Question

I'm using Google Play Services on Android to get access to Google APIs and Google Cloud Endpoints. I would also like to be able to get access to the App Engine User API using a token from Google Play Services. Is this possible? There is some sample code at this link for OAuth, but it is a little vague. Can I pass the OAuth token in a header and get a user with the code below?

    User user = null;
    try {
        OAuthService oauth = OAuthServiceFactory.getOAuthService();
        user = oauth.getCurrentUser();

    } catch (OAuthRequestException e) {
        // The consumer made an invalid OAuth request, used an access token that was
        // revoked, or did not provide OAuth information.
        // ...
    }

Solution

You can, but this approach isn't going to be as secure as a scenario where you are:

  • using a service-specific scope for a Google API
  • accessing an Endpoints API directly

You can use Google Play Services to obtain a token for the scope you'd like to use. Since you're interested in using the Users API on App Engine, you'll want the userinfo.email scope:

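    // GoogleAuthUtil expects OAuth 2.0 scopes in the form "oauth2:<scope>".
    String mScope = "oauth2:https://www.googleapis.com/auth/userinfo.email";
    String token = null;
    try {
        token = GoogleAuthUtil.getToken(mActivity, mEmail, mScope);
    } catch (UserRecoverableAuthException e) {
        // The user has not granted access yet: launch e.getIntent() to ask for consent.
    } catch (GoogleAuthException | IOException e) {
        // Unrecoverable authentication failure or network error.
    }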

Send this to App Engine via the Authorization header:

    Authorization: Bearer your_token

Then, using the OAuth API, you can obtain a User object:

    String mScope = "https://www.googleapis.com/auth/userinfo.email";
    User user = null;
    try {
      OAuthService oauth = OAuthServiceFactory.getOAuthService();
      user = oauth.getCurrentUser(mScope);
    } catch (OAuthRequestException e) {
      // The consumer made an invalid OAuth request, used an access token that was
      // revoked, or did not provide OAuth information.
      // ...
    }

But in general, you don't want to do this! If you protect your application this way, another user can write an application that asks you for permission to your userinfo.email scope. Once granted, all they need to do is take the token and pass it to your application, and they appear as you do. Endpoints and other Google APIs have additional logic in place to prevent this kind of behavior, which is why you're better off using one of those approaches.
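
An added example, not part of the original answer and not Google's code: if a raw bearer token must be accepted anyway, one way to narrow the token-substitution problem described above is to check which OAuth client the token was issued to, via `OAuthService.getClientId`, before trusting `getCurrentUser`. The class name `TrustedCaller` is hypothetical and the client ID is a placeholder.

```java
import com.google.appengine.api.oauth.OAuthRequestException;
import com.google.appengine.api.oauth.OAuthService;
import com.google.appengine.api.oauth.OAuthServiceFactory;
import com.google.appengine.api.users.User;

import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet;
import java.util.Set;

/** Hypothetical helper: resolves the caller only for tokens minted for our own clients. */
public final class TrustedCaller {
    private static final String SCOPE = "https://www.googleapis.com/auth/userinfo.email";

    // Placeholder value: replace with the OAuth client IDs registered for your own apps.
    private static final Set<String> ALLOWED_CLIENT_IDS = Collections.unmodifiableSet(
            new HashSet<>(Arrays.asList("YOUR_ANDROID_CLIENT_ID.apps.googleusercontent.com")));

    private TrustedCaller() {}

    /** Pure check, kept separate so it can be unit tested without the App Engine runtime. */
    static boolean isAllowedClient(String clientId) {
        return clientId != null && ALLOWED_CLIENT_IDS.contains(clientId);
    }

    /**
     * Returns the authenticated user, or null when the request carries no valid token
     * or the token was issued to an application that is not on the allow-list.
     */
    public static User resolve() {
        OAuthService oauth = OAuthServiceFactory.getOAuthService();
        try {
            // Which application obtained this token? A token granted to some other
            // app for the same scope arrives here with a valid user attached to it.
            String clientId = oauth.getClientId(SCOPE);
            if (!isAllowedClient(clientId)) {
                return null; // valid Google token, but not issued to one of our clients
            }
            return oauth.getCurrentUser(SCOPE);
        } catch (OAuthRequestException e) {
            // Missing, malformed, expired or revoked token: treat as unauthenticated.
            return null;
        }
    }
}
```

The helper fails closed: a token from an unlisted client is handled exactly like a request with no token at all.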

Licensed under: CC-BY-SA with attribution