I have an App Engine server that provides a REST API and would like to protect it with OAuth 2.0. Applications that use my REST API will be run on headless servers and not have any user input i.e. no web browser redirects for users to enter their username and password.
Twitter does more or less what I want with its Application Only Auth<https://dev.twitter.com/docs/auth/application-only-auth> which uses the Client Credentials Grant<http://tools.ietf.org/html/rfc6749#section-4.4> approach of OAuth 2.0. Does the App Engine OAuth service<https://developers.google.com/appengine/docs/python/oauth/> allow me to do this? If so how? (I find the documentation confusing and can't get a 2-legged approach to work in any case.) Otherwise where should I look for an alternative as I don't want to reinvent the wheel especially with security related parts of my app. I would appreciate pointers to Go resources, but Python would also work for me. -- You received this message because you are subscribed to the Google Groups "Google App Engine" group. To unsubscribe from this group and stop receiving emails from it, send an email to google-appengine+unsubscr...@googlegroups.com. To post to this group, send email to google-appengine@googlegroups.com. Visit this group at http://groups.google.com/group/google-appengine. For more options, visit https://groups.google.com/groups/opt_out.
