Am I correct in thinking that the goodness of Cloud Endpoints comes with the following limitations:
- The REST Api cannot be deployed to a custom domain (it'll remain on appspot.com).
- The only authentication supported is OAuth against Google accounts.
- Corollary: it isn't currently possible to create a user login/session-tracking mechanism that is Google-accounts-agnostic (e.g., with email as username and a password).
Is there any plan to do away with these limitations and if so, what is the ETA?
Taking these item by item:
- Currently, yes this is still the case. Keep in mind, our initial release is targeted at a same-party use-case, where the domain you're serving from basically doesn't matter (it's not user/developer-facing). If you want to use your API to drive a website, you can use your custom domain to have your user-facing content, and still make requests to your appspot domain using CORS. If you're building a mobile app, no one sees the domain at all.
- Built-in support (i.e. using the
Userobject) is limited to Google accounts, but you're free to build your own authentication scheme by checking the OAuth headers (or email/password if you must...) - (From the comments, regarding GA status). Endpoints is now GA.
- (From the comments, regarding public APIs). Your APIs must be public, but you can limit the clients that can make requests. If you want to make a secret API, i.e. the existence of the API must itself be protected, that's not currently supported. I'd be curious to hear how popular a request this is, but I suspect it's not a blocker for most people.
来源:https://stackoverflow.com/questions/19786339/google-cloud-endpoints-limitations-any-proposed-solutions