My overall goal is to create a mobile and web app that allows for multiple identity providers (google, Facebook, email/password) and uses a google cloud endpoint (python) that preform a user authorization check. I am trying to figure out the best method of doing this.
Is it possible to use the google identity tool kit to preform the user authorization check within the endpoint that I want to secure? I cant seem to figure out how I would go about doing this. As far as I know I would not be able to call the endpoints.get_current_user() to validate the user as it will only work with google+ logins.
I am also open to other suggestions (not using identity tool kit)
Any help would be really appreciated
Thank you
You are correct that you cannot use the endpoints.get_current_user() method to validate an Identity Toolkit user.
To use Identity Toolkit with Cloud Endpoints, you should use the built in sessions to represent the user.
After Identity Toolkit authentication is complete at the client, you should send the ID token to a "login" endpoint, validate the token, then create a new session that you include on subsequent requests.