def get(self):
token = self.request.get('token')
email = self.request.get('email')
result = ""
# based on the example here: https://developers.google.com/identity/sign-in/android/backend-auth
try:
# Specify the CLIENT_ID of the app that accesses the backend:
id_info = id_token.verify_oauth2_token(token, requests.Request(),
CLIENT_ID)
if id_info['iss'] not in [
'accounts.google.com', 'https://accounts.google.com'
]:
result = " bad issuer"
raise ValueError('Wrong issuer.')
# ID token is valid. Get the user's Google Account ID from the decoded token.
user_id = id_info['sub']
except ValueError, e:
result = " " + str(e)
# Invalid token
pass
def post(self):
username = self.request.get('username')
token = self.request.get('token')
userid = "..nouserid.."
try:
# Specify the CLIENT_ID of the app that accesses the backend:
idinfo = id_token.verify_oauth2_token(token, requests.Request(),
CLIENT_ID)
# Or, if multiple clients access the backend server:
# idinfo = id_token.verify_oauth2_token(token, requests.Request())
# if idinfo['aud'] not in [CLIENT_ID_1, CLIENT_ID_2, CLIENT_ID_3]:
# raise ValueError('Could not verify audience.')
if idinfo['iss'] not in [
'accounts.google.com', 'https://accounts.google.com'
]:
raise ValueError('Wrong issuer.')
# If auth request is from a G Suite domain:
# if idinfo['hd'] != GSUITE_DOMAIN_NAME:
# raise ValueError('Wrong hosted domain.')
# ID token is valid. Get the user's Google Account ID from the decoded token.
userid = idinfo['sub']
except ValueError as e:
# Invalid token
pass
response = {"username": username, "userid": userid}
self.response.headers.add("Content-Type", "application/json")
self.response.write(json.dumps(response))