Federated login and integrated applications
130 views
Skip to first unread message
anatoliy
Feb 9, 2011, 5:45:16 AM2/9/11
to google-a...@googlegroups.com
My app uses Google Account API for user authentication. There is also a number of integrated applications (desktop apps, cron jobs, etc) which run elsewhere outside of the GAE. The integrated applications currently use ClientLogin to authenticate themselves when logging in to the app.
Now I'd like to give my website users possibility to use their OpenID identities. This means that I have to switch my application to use federated login. I guess this means that ClientLogin will not work any more. So, all integrations will get broken.
I understood, that it is possible to implement login procedure for desktop applications with OAuth. But this *requires* user interaction meaning it does not work for the cron jobs. I was trying to find any information about this issue, but that's surprisingly difficult.
So, to sum this up: with federated login enabled, is there a way to implement login for applications which does not require user interaction? For example a cron job takes username & password from a file when loggin in to my app at GAE. Just like ClientLogin does?
Iap
Feb 9, 2011, 9:49:50 AM2/9/11
to google-a...@googlegroups.com
So, to sum this up: with federated login enabled, is there a way to implement login for applications which does not require user interaction? For example a cron job takes username & password from a file when loggin in to my app at GAE. Just like ClientLogin does?
What if you save the authorized token instead of the username and password?
From the interaction diagram in http://code.google.com/apis/accounts/docs/OpenID.html#oauth,
it seems that the action in step 9 can be performed in the cron job too provided that the cron job has the authorized token.
anatoliy
Feb 9, 2011, 2:40:07 PM2/9/11
to google-a...@googlegroups.com
Singuan, the identifier (OAuth request token) has limited lifetime. Therefore, there is no sense to store it as it will be obsolete rather soon.
Robert Kluin
Feb 9, 2011, 3:27:48 PM2/9/11
to google-a...@googlegroups.com
IIRC, gdata access tokens (which is what you'll upgrade the request
token to) don't expire. Are you sure App Engine access tokens expire?
token to) don't expire. Are you sure App Engine access tokens expire?
Robert
On Wed, Feb 9, 2011 at 14:40, anatoliy <anatoliy....@gmail.com> wrote:
> Singuan, the identifier (OAuth request token) has limited lifetime.
> Therefore, there is no sense to store it as it will be obsolete rather soon.
>
> --
> You received this message because you are subscribed to the Google Groups
> "Google App Engine" group.
> To post to this group, send email to google-a...@googlegroups.com.
> To unsubscribe from this group, send email to
> google-appengi...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/google-appengine?hl=en.
>
anatoliy
Feb 11, 2011, 3:01:12 PM2/11/11
to google-a...@googlegroups.com
Thank you guys!
GAE OAuth docs clearly say that "The access token is valid until the user revokes the access using the Google Accounts management interface."
Sorry for the useless question - didn't notice that at first reading :(
GAE OAuth docs clearly say that "The access token is valid until the user revokes the access using the Google Accounts management interface."
Sorry for the useless question - didn't notice that at first reading :(
Reply all
Reply to author
Forward
0 new messages