Custom Login System with Cloud Endpoints

Question

I know what I'm asking is quite vague, but Google has run up dry on this. I'm trying to build an API in Cloud Endpoints that hooks into a React frontend. The application requires authentication and authorization - so naturally I've got a few options:

1) Custom Login 2) Third Party via OAuth2 3) Both (what I would like to do)

My question is, how exactly would I go about implementing a custom authentication system with an Endpoints API? Since it's a RESTful service, I know that it's stateless. How exactly do I store session data? Do I have to send credentials with every API request (that seems tedious)?

Gah, could someone please point me in the right direction here? I'm not the most knowledgable person when it comes to authentication. THANK YOU!

Answer 1

There is a not well known nor documented feature in Google's cloud endpoints that allows you to use custom authenticators on api class level or api method level. This is also described / documented in a stackoverflow question.

There are a couple of questions here on stackoverflow for python like this, which uses cookies as far as i can see. I've not yet seen how to implement a custom authenticator like you can in Java.

As for how to store session data in a stateless service. The answer is simple: You don't. Every call to your api should contain all the information to process the request. So it's up to the client to maintain the session information and provide it when needed for an api call.

If by session data you mean stuff like the usual user data (name, address, etc) those are attached to your user (not the current session) so if you have a working authenticator you can simply request the user information from your database via the authenticated user.