(I think I know the answer to this but the documentation does not seem
to support that answer, so being rather literal-minded, as well as
quite anxious to avoid making any error, I'm posting this request for
clarification).
On an app's Edit page (linked from the Developer Dashboard) there is a
section titled "OpenID," and I am not certain how to deal with this
section, specifically for a packaged app that uses the Chrome Web
Store Payment System but does *not* itself use the Licensing API.
Here is why I'm confused. This page:
http://code.google.com/chrome/webstore/docs/identify_user.html
states that "The following table summarizes when you should support
Google Account logins using OpenID." The table shows that for a
"Paid" app that uses "Chrome Web Store Payment System," "Support for
Google Accounts (using OpenID)" is "Required."
However, packaged apps in general will not use the REST-based
Licensing API, because, as this page:
http://code.google.com/chrome/webstore/docs/check_for_payment.html
indicates, "Generally, you use the Licensing API in hosted apps.
Although you can use the API in packaged apps and extensions, it's
more difficult for them to use the license server securely."
So, OK, we have a packaged app that is using the Chrome Web Store
Payment System, and it does not itself use the Licensing API. The
Chrome Web Store itself will presumably be logging people in via
OpenID and selling the bits directly into their Chrome browsers, and
the app will then be "owned" by the user eternally. That's the way I
understand it, and that works fine for me.
The questions I have are simply, if I have a paid, packaged app that
is using the Chrome Web Store Payment System but is not itself using
the Licensing API:
1. Should I check, or uncheck, the box titled "This item uses Google
OpenID to authenticate users?"
It is checked by default, and I'm loathe to *un*-check it when the
abovementioned table says that a paid app that uses Chrome Web Store
Payment system is "required" to use OpenID, since my app is indeed
paid and indeed does use the Chrome Web Store Payment system. It does
*not* say that there is an exception to be made for apps that are not
themselves using the Licensing API (but that is what I think it
*means*).
2. Should I just leave the field titled "OpenID realm used in
authentication requests to Google:" blank?
I'm *guessing* that the table mentioned above is *only* talking about
apps that actually *use* the Licensing API to validate users from
their own code, but the page doesn't actually say that, and it seems
too important just to guess about that.
Thanks in advance for any clarification you might provide.