I want to authenticate the request coming to my api such that its a valid google account.
@endpoints.api(name='echo',
version='v1',
allowed_client_ids=[API_EXPLORER_CLIENT_ID,
"*****-************.apps.googleusercontent.com"],
auth_level=AUTH_LEVEL.REQUIRED)
class EchoApi(remote.Service):
@endpoints.method(
# This method takes a ResourceContainer defined above.
ECHO_RESOURCE,
# This method returns an Echo message.
EchoResponse,
path='echo',
http_method='POST',
name='echo',
api_key_required=True)
def echo(self, request):
print endpoints.get_current_user()
print request
output_content = ' '.join([request.content] * request.n)
return EchoResponse(content=output_content)
Above is the code that i implemented then also if i send a request without authorization header the request still reaches backend
You must check if get_current_user() returns None.
auth_level does not actually do anything in this version of the Framework.