3rd party authorization scenario & XMPP

[Dewey Gaedcke]

I've never worked with anything but basic un/pw for app-login....I'm clueless about OAuth2 & all of that stuff.

I'm building a mobile-backend (IOS & Android) on app-engine.....my first app-engine project

My mobile clients users will authenticate with either Facebook or Google Identity Toolkit (GIT)   (still deciding and open to recommendations)

If we use GIT (supports lots of oauth2 providers), I'm not sure what to do if the user switches authentication providers after their first login.....

I also want my API (endpoints via Ferris3) to only accept requests from my app-users and not 3rd parties.

Can anyone advise me on how to set all of this up?

All suggestions or links welcome.

Alternatively, if someone wants to consult, I'd be open to hiring someone to help us get it properly configured.

On a related matter, we also need a module to add-accounts dynamically to an XMPP server so they can conduct private chat between users within our mobile apps?

Regards,
Dewey