If you want to require authentication to access your API backend, you must obtain the required client IDs and supply them to the backend by using the proper API decorator argument.
Android
To create the OAuth 2.0 Android client ID, you need to have a certificate key fingerprint. If you use Android Studio, a debug keystore and a debug key are created automatically. You can use the debug key for testing purposes, but you must use a release key for production.
Note that the default debug keystore password is android
, and
the key alias is androiddebugkey
. The default location for Linux
and macOS is ~/.android/debug.keystore
.
- If you don't already have one, generate a debug or release key for your Android application. If you use Android Studio, it automatically generates a debug key in the debug keystore the first time you build an Android project.
-
In a Linux or macOS terminal window, you can get the fingerprint of the
key by using the
keytool
included with the Java SDK as follows:keytool -exportcert -alias androiddebugkey -keystore path-to-debug-or-production-keystore -list -v
The output displays a fingerprint similar to the following:DA:39:A3:EE:5E:6B:4B:0D:32:55:BF:EF:95:60:18:90:AF:D8:07:09
-
Copy and save the key fingerprint that is displayed after your run the preceding
keytool
command. You need to supply the fingerprint to generate the Android client ID in the Google Cloud console. - In the Google Cloud console, go to the Credentials page.
- From the projects list, select the project containing your API.
- If this is your first time creating a client ID in this project, use the sub-steps to go to the OAuth consent page; otherwise, skip to the next step.
- Click OAuth consent screen.
- Enter a name in the Application name field.
- Fill out the rest of the fields as needed.
- Click Save.
- In the Create credentials drop-down list, select OAuth client ID.
- Select Android as the application type.
- In Name, enter a name for your client ID.
- In Signing-certificate fingerprint, enter the fingerprint you obtained previously.
-
In Package name, enter the Android application package name, as
specified in your
AndroidManifest.xml
file. -
Click Create.
You use the generated client ID in your API backend and in your client application.
Web client
- In the Google Cloud console, go to the Credentials page.
- From the projects list, select the project containing your API.
- If this is your first time creating a client ID in this project, use the sub-steps to go to the OAuth consent page; otherwise, skip to the next step.
- Click OAuth consent screen.
- Enter a name in the Application name field.
- Fill out the rest of the fields as needed.
- Click Save.
- In the Create credentials drop-down list, select OAuth client ID.
- Select Web application as the application type.
- In Name, enter a name for your client ID.
-
In Authorized JavaScript origins, enter one of the following:
-
http://localhost:8080
if you are testing the backend locally. -
https://YOUR_PROJECT_ID.appspot.com
, replacingYOUR_PROJECT_ID
with your App Engine project ID if you are deploying your backend API to your production App Engine.
-
-
Click Create.
You use the generated client ID in your API backend and in your client application.
What's next
For information about how to support authentication in your Android or JavaScript application, see the following: