Google App Engine: Endpoints authentication when custom auth or Open ID is used

Question

I recently got started with Google App Engine. I intend to use Flask to serve web pages and the Endpoints API, preferably with the Endpoints-Proto-Datastore for everything else.

Answer 1

I wanted to not use oAuth, but a simpler form of Authentication with user/token.

So what I've done is create a custom ServletFilter that maps to /_ah/spi/* and intercepts login information from the HTTPServletRequest there, if it is an Endpoint-API-Request.

Seems to work thus far, but am not really sure if that is the way to go. But as I've found no examples for non-oAuth-Auth anywhere, that's currently my best shot.

Would love to get some best practice hints from @bossylobster or @Dan Holevoet.