阅读背景:

谷歌云端点限制……有什么解决方案吗?

来源:互联网 

Am I correct in thinking that the goodness of Cloud Endpoints comes with the following limitations:

我是否正确地认为云端点的好处具有以下限制:

  1. The REST Api cannot be deployed to a custom domain (it'll remain on appspot.com).
  2. REST Api不能部署到自定义域(它将保留在appspot.com上)。
  3. The only authentication supported is OAuth against Google accounts.
    1. Corollary: it isn't currently possible to create a user login/session-tracking mechanism that is Google-accounts-agnostic (e.g., with email as username and a password).
    2. 推论:目前还不可能创建一个用户登录/会话跟踪机制,这是google -account -agnostic(例如,以电子邮件作为用户名和密码)。
  4. 唯一支持的身份验证是针对谷歌帐户的OAuth。推论:目前还不可能创建一个用户登录/会话跟踪机制,这是google -account -agnostic(例如,以电子邮件作为用户名和密码)。

Is there any plan to do away with these limitations and if so, what is the ETA?

有什么计划可以消除这些限制吗?如果有,预计到达时间是多少?

1 个解决方案

#1


20  

Taking these item by item:

逐项记录:

  1. Currently, yes this is still the case. Keep in mind, our initial release is targeted at a same-party use-case, where the domain you're serving from basically doesn't matter (it's not user/developer-facing). If you want to use your API to drive a website, you can use your custom domain to have your user-facing content, and still make requests to your appspot domain using CORS. If you're building a mobile app, no one sees the domain at all.
  2. 目前,是的,情况仍然如此。请记住,我们的初始版本针对的是一个相同的用例,在这个用例中,您所服务的域基本上不重要(它不是面向用户/开发人员的)。如果你想使用你的API来驱动一个网站,你可以使用你的自定义域来拥有你的面向用户的内容,并且仍然使用CORS来请求你的appspot域。如果你正在开发一款移动应用,根本没有人会看到这个领域。
  3. Built-in support (i.e. using the User object) is limited to Google accounts, but you're free to build your own authentication scheme by checking the OAuth headers (or email/password if you must...)
  4. 内置的支持(即使用User对象)仅限于谷歌帐户,但是您可以通过检查OAuth头(如果必须的话,可以通过电子邮件/密码)来构建自己的身份验证方案。
  5. (From the comments, regarding GA status). Endpoints is now GA.
  6. (来自评论,关于GA状态)。端点现在GA。
  7. (From the comments, regarding public APIs). Your APIs must be public, but you can limit the clients that can make requests. If you want to make a secret API, i.e. the existence of the API must itself be protected, that's not currently supported. I'd be curious to hear how popular a request this is, but I suspect it's not a blocker for most people.
  8. (从评论中,关于公共api)。您的api必须是公共的,但是您可以限制可以发出请求的客户端。如果您想要创建一个秘密API,即API的存在本身必须受到保护,这是当前不支持的。我很想知道这个请求有多受欢迎,但我怀疑它对大多数人来说并不是一个障碍。

分享到: