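// authorized reports whether token, the raw value of an Authorization header,
// carries an OAuth2 access token whose tokeninfo e-mail equals authEmail.
//
// The header must consist of exactly two whitespace-separated fields with the
// scheme "Bearer"; any other shape yields (false, nil). The bearer value is
// then passed to the auth service's Tokeninfo call. If creating the service or
// the call itself fails, the error is returned with ok == false.
//
// NOTE(review): the e-mail address is the only field compared. The tokeninfo
// response also identifies the client the token was issued to (tok.Audience);
// without comparing that to this service's own client ID, a token the account
// granted to any other application is accepted as well. The expected client
// ID is not visible here, so the check is left as a follow-up.
//
// NOTE(review): http.DefaultClient has no timeout, so a stalled tokeninfo
// request blocks the caller indefinitely.
func authorized(token string) (ok bool, err error) {
	fs := strings.Fields(token)
	if len(fs) != 2 || fs[0] != "Bearer" {
		return false, nil
	}

	svc, err := auth.New(http.DefaultClient)
	if err != nil {
		return false, err
	}
	tok, err := svc.Tokeninfo().Access_token(fs[1]).Do()
	if err != nil {
		return false, err
	}
	// A token granted without the e-mail scope has an empty Email. Reject it
	// explicitly so that an unset (empty) authEmail can never match and
	// authorize every otherwise valid token.
	if tok.Email == "" {
		return false, nil
	}
	return tok.Email == authEmail, nil
}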
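// authorized verifies the auth token. We could do this ourselves using Admin
// if our caller had used the right service account, but this will do it for
// any account.
//
// When user.IsAdmin(cx) reports true the request is authorized without looking
// at token. Otherwise token must be an Authorization header value of exactly
// two whitespace-separated fields with the scheme "Bearer"; any other shape
// yields (false, nil). The bearer value is passed to the auth service's
// Tokeninfo call over an urlfetch client, and the result is authorized only if
// its e-mail equals abelanaConfig().AuthEmail. Errors from creating the
// service or from the call are returned with a false result.
//
// NOTE(review): the e-mail address is the only field compared. The tokeninfo
// response also identifies the client the token was issued to (tok.Audience);
// without comparing that to this application's own client ID, a token the
// account granted to any other application is accepted as well. The expected
// client ID is not visible here, so the check is left as a follow-up.
func authorized(cx appengine.Context, token string) (bool, error) {
	if user.IsAdmin(cx) {
		cx.Infof("authorized - true")
		return true, nil
	}

	fs := strings.Fields(token)
	if len(fs) != 2 || fs[0] != "Bearer" {
		return false, nil
	}

	svc, err := auth.New(urlfetch.Client(cx))
	if err != nil {
		return false, err
	}
	tok, err := svc.Tokeninfo().Access_token(fs[1]).Do()
	if err != nil {
		return false, err
	}
	// NOTE(review): this writes the tokeninfo response (account e-mail, user
	// ID, scopes) to the application log on every non-admin request; consider
	// lowering the level or logging only the decision.
	cx.Infof(" tok %v", tok)

	// A token granted without the e-mail scope has an empty Email. Reject it
	// explicitly so that an unset (empty) AuthEmail in the configuration can
	// never match and authorize every otherwise valid token.
	if tok.Email == "" {
		return false, nil
	}
	return tok.Email == abelanaConfig().AuthEmail, nil
}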