Closed st3fan closed 9 years ago
@st3fan we had this discussed with @dhermes back in the days of its initial implementation in https://github.com/GoogleCloudPlatform/go-endpoints/pull/15#commitcomment-3370515
I know it's easy to add but may confuse users. There's also an open issue on the official bug tracker of App Engine: https://code.google.com/p/googleappengine/issues/detail?id=8848
Instead, maybe we could add a new method, something like `endpoints.CurrentGoogleUser`, leave `CurrentUser` as is and document the difference between the two.
@campoy any thoughts on this?
@crhym3 Yeah you are probably right. What do you think of doing something a bit more low level and instead have something like `endpoints.Claims()`? That would return something like:

```go
// Claims represents an IdToken response.
// https://developers.google.com/accounts/docs/OpenIDConnect#obtainuserinfo
type Claims struct {
	Subject             string `json:"sub"`
	Issuer              string `json:"iss"`
	Email               string `json:"email"`
	EmailVerified       bool   `json:"email_verified"`
	Audience            string `json:"aud"`
	IssuedAt            uint   `json:"iat"`
	ExpirationTime      uint   `json:"exp"`
	AccessTokenHash     string `json:"at_hash"`
	AuthorizedPresenter string `json:"azp"`
}
```

Then `endpoints.CurrentGoogleUser` can sit on top of that.
:+1: Maybe we can then also eliminate signedJWT and just use `Claims`.
Would you modify #53 with `Claims` and `CurrentGoogleUser`? That would be awesome.
@crhym3 Sure, I can try to find a little time between Christmas and New Year to hack on that.
Hey @st3fan, do you have any news on this? I'll be using this package for a course soon and I would like to make sure after this the API is as stable as possible :smile:
Hi @campoy .. maybe someone else can pick this up? I have abandoned the project that I was initially using this code for so it is difficult for me to work on this right now. Maybe @crhym3 has a better idea about what to do here?
Yeah, I'll take it.
The JWT token has a `sub` (Subject) field that contains the Google Account ID. This is useful to have in endpoints since it is more stable than the email address.
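
An added example, not part of the original thread or the go-endpoints code: a trimmed version of the proposed `Claims` struct used to key an account on `iss` + `sub`, so the key survives an email change. `ParseVerifiedClaims`, `UserKey` and `SampleToken` are hypothetical names, `exp` is read as `int64` here, and the token's signature is assumed to have been verified before this function is called.

```go
package main

import (
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
)

// Claims is a subset of the struct proposed in the thread.
type Claims struct {
	Subject        string `json:"sub"`
	Issuer         string `json:"iss"`
	Email          string `json:"email"`
	Audience       string `json:"aud"`
	ExpirationTime int64  `json:"exp"`
}

// ParseVerifiedClaims decodes the payload of an ID token whose signature the
// caller has ALREADY verified (assumption), then checks iss, aud and exp.
func ParseVerifiedClaims(token, wantIss, wantAud string, now int64) (*Claims, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return nil, fmt.Errorf("malformed token: %d segments", len(parts))
	}
	raw, err := base64.RawURLEncoding.DecodeString(parts[1])
	if err != nil {
		return nil, fmt.Errorf("payload: %w", err)
	}
	var c Claims
	if err := json.Unmarshal(raw, &c); err != nil {
		return nil, fmt.Errorf("claims: %w", err)
	}
	if c.Subject == "" || c.Issuer != wantIss || c.Audience != wantAud || now >= c.ExpirationTime {
		return nil, fmt.Errorf("rejected: missing sub, wrong iss/aud, or expired")
	}
	return &c, nil
}

// UserKey keys the account on issuer+subject, never on the mutable email.
func UserKey(c *Claims) string { return c.Issuer + "|" + c.Subject }

// SampleToken builds a constructed, unsigned token (demo input only).
func SampleToken(sub, email string, exp int64) string {
	p, _ := json.Marshal(Claims{sub, "accounts.google.com", email, "client-1", exp})
	return "e30." + base64.RawURLEncoding.EncodeToString(p) + ".sig"
}

func main() { fmt.Println(ParseVerifiedClaims(SampleToken("1234567890", "old@example.com", 2000), "accounts.google.com", "client-1", 1000)) }
```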