Hello everyone,
Thanks for your insights and suggestions. However, I will explain my setup
again as
I am using a push queue and app engine api to submit tasks to the default
queue.
Queue queue = QueueFactory.getDefaultQueue();
queue.add(TaskOptions.Builder.withUrl("/api/tasks/indexLine").header("Authorization",
token).param("linejson", linejson));
The task handler url is secured by using spring security framework by Oauth
2.0 tokens. Hence I pass an additional authorization header to the task for
authentication. Now in case this oauth2.0 authorization token expires while
sitting in the queue then whenever the task actually runs, the handler will
return a 401 unauthorized error.
Is there anyway by which the task queue would check that the task got a 401
error and then it could ask for a refresh token and then call the handler
with that token.
- Apurva
On Wed, Aug 24, 2016 at 1:53 AM, 'Adam (Cloud Platform Support)' via Google
App Engine <google-appengine@googlegroups.com> wrote:
> To clarify the above, your task handler only gets called when it's time
> for the task to actually run, not when the task gets first placed in the
> queue, so there isn't a chance that you'll need to deal with an expired
> auth token.
>
> If you're using push queues, it's sufficient to protect your task handler
> URL with 'login: admin' since push queues handlers live on and are issued
> by App Engine, which will always be able to authenticate. See 'Securing
> Task Handlers
> <https://cloud.google.com/appengine/docs/python/taskqueue/push/creating-handlers#securing_task_handler_urls>
> '.
>
> If you have a pull queue, your task handler is either calling the Task
> Queue REST API every time it needs to lease a task which requires OAuth
> authentication, or you're doing it from within App Engine as well which
> uses the application credentials. See 'Using Pull Queues
> <https://cloud.google.com/appengine/docs/python/taskqueue/overview-pull>'.
>
> On Tuesday, August 23, 2016 at 6:19:44 PM UTC-4, Nick wrote:
>>
>> The task queue can invoke admin secured urls when you use push, which
>> would normally require IAM access. If you set it up like that (assuming you
>> can trust your admins) all invocations can be trusted, regardless of
>> headers etc.
>>
>> Presumably in this case you'll still need to send a user identifier for
>> context, but you can assume the operation was authorized by the call that
>> queued the task.
>>
> --
> You received this message because you are subscribed to a topic in the
> Google Groups "Google App Engine" group.
> To unsubscribe from this topic, visit https://groups.google.com/d/
> topic/google-appengine/FTbKR62589o/unsubscribe.
> To unsubscribe from this group and all its topics, send an email to
> google-appengine+unsubscr...@googlegroups.com.
> To post to this group, send email to google-appengine@googlegroups.com.
> Visit this group at https://groups.google.com/group/google-appengine.
> To view this discussion on the web visit https://groups.google.com/d/
> msgid/google-appengine/77248dbc-840b-419e-b68f-
> d96f6ba62d16%40googlegroups.com
> <https://groups.google.com/d/msgid/google-appengine/77248dbc-840b-419e-b68f-d96f6ba62d16%40googlegroups.com?utm_medium=email&utm_source=footer>
> .
>
> For more options, visit https://groups.google.com/d/optout.
>
--
You received this message because you are subscribed to the Google Groups
"Google App Engine" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to google-appengine+unsubscr...@googlegroups.com.
To post to this group, send email to google-appengine@googlegroups.com.
Visit this group at https://groups.google.com/group/google-appengine.
To view this discussion on the web visit
https://groups.google.com/d/msgid/google-appengine/CAFk2cV4d-WOhZBDMbXWEmoQNKsQTLEJuymj0PTtDTcGELfPQvw%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.
