Providing Authorization from Clients

This page describes how to create OAuth2.0 client IDs for Android, iOS, and web clients.

For more information about how to support authorization in your Android, iOS, or JavaScript app, see these client-specific pages:

Creating OAuth 2.0 client IDs

If you wish to require authorization to access your API backend, you must obtain the required client IDs and supply them to the backend using the proper API annotation attribute. Precisely which client IDs are required and how you need to supply them can vary depending on whether the client is an Android app, iOS app, or javascript app. For details, see [Specifying Authorized Clients in the API Backend](/appengine/docs/java/endpoints/add-authorization-backend#Specifying_authorized_clients_in_the_API_backend).

Android

In order to create the OAuth 2.0 Android client ID, you'll need to have a certificate key fingerprint. If you use Eclipse with the Android Developer Tools (ADT) plugin, a debug keystore and a debug key are created automatically. You can use the debug key for testing purposes, but you must use a release key for production.

Note that the default debug keystore password is android, and the key alias is androiddebugkey. The default location for Linux and Mac OS X is ~/.android.

  1. Generate a debug (or release) key for your Android application, if you don't already have one. If you use Eclipse with the Android Developer Tools plugin, Eclipse automatically generates a debug key in the debug keystore the first time you build an Android project.
  2. In a Linux or Mac OS X terminal window, you can get the fingerprint of the key using the keytool (included with the Java SDK) as follows:
    keytool -exportcert -alias androiddebugkey -keystore path-to-debug-or-production-keystore -list -v
    The fingerprint looks something like this: DA:39:A3:EE:5E:6B:4B:0D:32:55:BF:EF:95:60:18:90:AF:D8:07:09
  3. Copy and save the key fingerprint that is displayed after your run the above keytool command. You'll need to supply this next to generate the Android client ID in the console.
  4. Go to the Credentials page in the Cloud Platform Console.
    Go to the Credentials page.
    1. Select Android as the application type.
    2. In Signing-certificate fingerprint, enter the fingerprint you obtained above..
    3. In Package name, enter the Android application package name, as specified in your AndroidManifest.xml file.
  5. Click Create.
  6. Note the client ID that is generated. This is the client ID you need to use in your backend and in your client application.

iOS

  1. Go to the Credentials page in the Cloud Platform Console.
    Go to the Credentials page.
    1. Select iOS as the application type.
    2. In Name, enter the name of your iOS app.
    3. In Bundle ID, specify your application’s bundle identifier as listed in your application's .plist file (e.g. com.example.myapp).
    4. In App Store ID, optionally enter the App Store ID if the app was published in the Apple iTunes® App Store.
  2. Click Create.
  3. Note the client ID that is generated. This is the client ID you need to use in your backend and in your client application.

web client

  1. Go to the Credentials page in the Cloud Platform Console.
    Go to the Credentials page
    1. Select Web application as the application type.
    2. In Name, enter the name of your web client.
    3. In Authorized JavaScript origins, enter one of the following:
      • http://localhost:8080 if you are testing the backend locally.
      • https://your_project_id.appspot.com, replacing your_project_id with your actual App Engine project ID if you are deploying your backend API to production App Engine.

  2. Click Create.
  3. Note the client ID that is generated. This is the client ID you need to use in your backend and in your client application.