I am trying to set up an application server on Google App Engine. My app currently uses PHP on a DreamHost server and I do my own authentication. My app is a home automation app where users use some home automation software to send messages to their phone (such as burglar alarm is sounding or the garage door is open).
I want to change the authentication to Google accounts. So here's how I am thinking about doing it.
User installs my app. When they register the app, my app server stores the email address from the Google account and uses that as the key for any devices they own. I would use the account chooser activity because it is possible for a phone to have more than one Google account.
Once the GCM registration intent is received, store the reg id along with the user on the app server. If the user has any other devices, when they register the app, add their reg ids to the device list on the app server for that user.
Now, when the user wants to send a message to their phone, they need to know what account to send it to. Since I stored the email address from the Google account, they will use that. So, how will they authenticate with my app server? I mean, if someone guesses my email address, they would be able to send messages to my phone. I don't have access to the user's password through the Google account, so do I need to require them to come up with a password just for my app? Furthermore, I would like it if my users could send messages to other phones that they wish, such as for other family members. In that case, they will have different account names (email addresses). I was thinking about requiring the users to come up with their own secret group name that they could share among anyone that they want to receive the home automation messages.
So anyway, I was just looking for ideas as to how the group here thinks the best way to approach this would be.
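
The following is an added example, not part of the original post: a sketch of the app-server data model described above, where senders authenticate with a shared group secret instead of a guessable email address. It assumes the email passed in has already been verified through Google sign-in, and it generates the secret on the server rather than letting users choose it; `DeviceRegistry` and its method names are hypothetical.

```python
import hashlib
import secrets


def _digest(secret):
    """Hash the group secret so the raw value is never stored server-side."""
    return hashlib.sha256(secret.encode("utf-8")).hexdigest()


class DeviceRegistry:
    def __init__(self):
        self.devices = {}  # verified Google email -> set of GCM reg ids
        self.groups = {}   # sha256(group secret) -> set of member emails

    def register_device(self, email, reg_id):
        # Called when the GCM registration intent delivers a reg id.
        self.devices.setdefault(email, set()).add(reg_id)

    def create_group(self, owner_email):
        # Assumption: a server-generated, high-entropy secret (shown once)
        # replaces a user-chosen group name, which could be guessed.
        secret = secrets.token_urlsafe(32)
        self.groups[_digest(secret)] = {owner_email}
        return secret

    def join_group(self, secret, email):
        # A family member who was given the secret adds their own account.
        members = self.groups.get(_digest(secret))
        if members is None:
            return False
        members.add(email)
        return True

    def targets_for(self, secret):
        # The sender presents only the secret; an email address alone
        # never authorizes a send. Returns None when the secret is unknown.
        members = self.groups.get(_digest(secret))
        if members is None:
            return None
        return sorted(r for e in members for r in self.devices.get(e, ()))


if __name__ == "__main__":
    reg = DeviceRegistry()
    reg.register_device("alice@example.com", "reg-A1")  # constructed sample data
    token = reg.create_group("alice@example.com")
    print(reg.targets_for(token), reg.targets_for("alice@example.com"))
```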