App Engine's Python 2.7 runtime had a very convenient way of asserting the identity of an application to another App Engine application.
As described in the above link, using the
app_identity library of the
google.appengine.api package I was able to obtain and insert the
auth_token into the
urlfetch headers. When receiving requests I could verify the
X-Appengine-Inbound-Appid header info.
urlfetch and the
google.appengine.api package are not available in the Python 3.7 runtime.
My app consists of several GAE projects, so I used this method to verify the identity of api calls between my projects (i.e so I do not need it for external APIs / services). What would be the recommended approach of doing this in App Engine's Python 3.7 runtime?