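def get(self):
    """Verify the Google ID token sent with the request.

    Reads the ``token`` and ``email`` request parameters and passes the token
    to ``id_token.verify_oauth2_token`` together with ``CLIENT_ID``. On
    success the token's ``sub`` claim is kept in ``user_id``; on a
    ``ValueError`` the error text is kept in ``result``. As shown here the
    handler writes nothing to the response.

    Based on the example at
    https://developers.google.com/identity/sign-in/android/backend-auth
    """
    # NOTE(review): on a GET these parameters presumably arrive in the URL
    # query string, and URLs tend to be recorded in access logs and proxy
    # logs -- confirm, and prefer a POST body or an Authorization header for
    # the ID token.
    token = self.request.get('token')
    # NOTE(review): `email` is supplied by the caller and is never compared
    # with the verified token; it must not be treated as the signed-in
    # identity. Take identity from the claims returned by the verifier.
    email = self.request.get('email')
    result = ""
    try:
        # CLIENT_ID names the app this backend serves; passing it lets the
        # verifier reject tokens issued for a different audience.
        id_info = id_token.verify_oauth2_token(token, requests.Request(), CLIENT_ID)

        # The former `result = " bad issuer"` assignment was dropped: the
        # handler below overwrote it immediately with the exception text.
        if id_info['iss'] not in ['accounts.google.com', 'https://accounts.google.com']:
            raise ValueError('Wrong issuer.')

        # ID token is valid: `sub` is the user's Google Account ID.
        user_id = id_info['sub']
    except ValueError as e:
        # `except ValueError, e` is Python 2-only syntax; the `as` form is
        # accepted by Python 2.6+ and Python 3 and matches post().
        # Invalid token: keep the reason, leave user_id unset.
        result = " " + str(e)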
def post(self):
    """Verify a Google ID token and reply with the account id as JSON.

    Reads the ``username`` and ``token`` request parameters, verifies the
    token with ``id_token.verify_oauth2_token`` against ``CLIENT_ID`` and
    writes ``{"username": ..., "userid": ...}`` to the response. ``userid``
    is the token's ``sub`` claim, or the placeholder ``"..nouserid.."`` when
    verification raises ``ValueError``.
    """
    # NOTE(review): `username` is echoed back exactly as received and is not
    # tied to the token in any way; only `userid` comes from verified claims.
    username = self.request.get('username')
    token = self.request.get('token')
    userid = "..nouserid.."
    trusted_issuers = ('accounts.google.com', 'https://accounts.google.com')

    try:
        # CLIENT_ID is the app that accesses this backend. When several
        # clients share the backend, the sample this is based on omits the
        # audience argument and compares the `aud` claim with the list of
        # allowed client ids instead.
        claims = id_token.verify_oauth2_token(token, requests.Request(), CLIENT_ID)

        # For a G Suite-only backend the same sample also compares the `hd`
        # claim with the expected hosted domain.
        if claims['iss'] in trusted_issuers:
            # ID token is valid: `sub` is the user's Google Account ID.
            userid = claims['sub']
        else:
            raise ValueError('Wrong issuer.')
    except ValueError:
        # Invalid token: fall through with the placeholder userid.
        # NOTE(review): no error status is set in this handler, so a rejected
        # token produces the same response shape as an accepted one and the
        # caller has to compare `userid` with the placeholder. Consider an
        # explicit 401 and logging the rejection.
        pass

    # NOTE(review): if `headers` is a multi-valued header map, add() may
    # append a second Content-Type instead of replacing a default -- confirm.
    self.response.headers.add("Content-Type", "application/json")
    self.response.write(json.dumps({"username": username, "userid": userid}))