Our solution: in App Engine we "trust" the task queue header(s), since there are guarantees that it cannot be inserted by anything outside of app engine. We look for that header, and automatically consider the request authenticated. See the docs for the header names and details.
If you are using the REST API, maybe there is something similar that guarantees the request came from the Task Queues? On Friday, August 19, 2016 at 2:56:56 AM UTC-4, Apurva Nandan wrote: > > Hello everyone, > > I was just trying out the task queue api and have a doubt on the > authentication part. As I understand the queue will keep the tasks in it > and will send at the rate defined by the user. My question is : If my task > handler is secured in such a way that it requires an authentication token > (in my case OAuth 2.0) and till the time it actually receives the task the > token has already expired (while sitting idle in the queue and waiting to > go out), how would you solve this issue? > > I am relatively new to this API so I could be missing a few key points > here but in any case, please feel free to pitch in your views and > suggestions. > > - Apurva > -- You received this message because you are subscribed to the Google Groups "Google App Engine" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at https://groups.google.com/group/google-appengine. To view this discussion on the web visit https://groups.google.com/d/msgid/google-appengine/998716ee-3f5e-4c6c-b2e2-9da83842d856%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
