ZOFTINO.COM android and web dev tutorials

Google App Engine Remote API Authentication

Remote API can be used to access services on Google app engine from other java applications. It lets you access from your local machine such services as datastore and search etc.

Since it lets you access server side resource, it needs proper access credentials (Google cloud account credentials) to perform those actions.

Recently there were changes to the way access credentials are provided to the remote API program. Remote API used to accept plain user id and password to authenticate users and let users access app engine services with valid credentials.

Below is the old way of authentication


		RemoteApiOptions options = new RemoteApiOptions()
		            .server("myappengapp.appspot.com", 443)
		            .credentials("admintwo@myappengapp.com", "mypasswd");

Google’s recent changes made the above method of authentication deprecated. Google introduced a new and more secure way of authentication to authenticate remote API clients. Client programs are not required to have plain text user id and passwords in them. Instead, users need to configure gcloud so that remote api automatically takes the credentials from gcloud configuration, authenticates the user and allows to perform remote service access on authentication.

Below is the new way of authentication


		RemoteApiOptions options = new RemoteApiOptions()
			     .server("myappengapp.appspot.com", 443)
			     .useApplicationDefaultCredential();

How to Setup gcloud

In order for the above program to run, you need to have gcloud installed. gcloud is a tools which lets users interact with Google cloud platform to perform various actions. It is part of Google cloud SDK.

Below are the setups you need to perform before you can run remote client.

  1. Download and install Google cloud SDK.
  2. Use gcloud auth login command to setup default credentials. The command opens a browser window and asks you to enter credentials for the account you want to use to run remote client program. ex: gcloud auth login admintwo@myappengapp.com

If you have multiple Google cloud accounts and you are planning to use remote clients for each account, then you need to change the default credential to point to the account which you are planning to use. You can do so, by running the above command and point to which ever account you want to use as shown below. Notice that second Google cloud account user id is used in below command to point to that account.

gcloud auth login admin@thisismyapp.com

After running above cloud command, you can run remote API client program to access services on thisismyapp.appspot.com app engine app.