Custom Authentication for Google Cloud Endpoints (instead of OAuth2)

Question

We are super excited about App Engine\'s support for Google Cloud Endpoints.

That said we don\'t use OAuth2 yet and usually authenticate users with username/password

Answer 1

From my understanding Google Cloud Endpoints provides a way to implement a (RESTful?) API and to generate a mobile client library. Authentication in this case would be OAuth2. OAuth2 provides different 'flows', some of which support mobile clients. In the case of authentication using a principal and credentials (username and password) this doesn't seem like a good fit. I honestly think you would be better off by using OAuth2. Implementing a custom OAuth2 flow to support your case is an approach that could work but is very error prone. I haven't worked with OAuth2 yet but maybe an 'API key' can be created for a user so they can both use the front-end and the back-end through the use of mobile clients.