Google Accounts for GAE User Management? Or custom-grown system?


Daniel Guillamot

Sep 25, 2014, 6:03:15 AM
to google-a...@googlegroups.com

Do you think using Google Accounts is a reasonable user authentication system for a GAE application?

Should I require all my users to have Google Accounts for certain functions (commenting, and other user generated content)?

Or should I create my own system? Users have to create user ids, enter email addresses, passwords, captchas, forgot password/recovery, ugh.

My app is pretty much targeted to all people, not just tech-savvy.

What is the general recommendation these days? What is user tolerance / willingness to just use Google accounts or OAuth/OpenID? Are people reluctant to want to use their Google account on my website?

PK

Sep 26, 2014, 12:44:44 PM
to Daniel Guillamot, google-a...@googlegroups.com
Hi there,

I have been using Google Accounts for my primary project. Here are pros and cons based on my experience.

pros:
1. You do not deal with lost passwords
2. You ride the innovation of Google, e.g. 2-factor authentication etc., which you might not be able to afford and which is very costly if you get it wrong
3. Easy integration with Google Apps etc.
4. Many people already have one Google account so it is simple

cons:
1. Google has been barely maintaining the GAE accounts API. It has many issues listed in the issues database that they have not addressed for years. They are corner cases but they generate support incidents.
1.1 The current Google Accounts API is the bare minimum; in fact, I do not think it has been improved at all since its inception. I would like to see a richer API too, e.g. only allow this user if she has 2-step verification on or if they have a strong password.
2. A few people who do not use Google accounts are very strong privacy advocates and hate everything Google. They are 1 out of 200 but they are very vocal and might turn down a service because of that. Of course some of them will not use cookies either so you might not need to worry at all. Fortunately, Google recently allowed people again to have Google accounts with no Google+ and this is a step in the right direction.
3. Confusion when users have multiple Google accounts. I usually steer them towards one browser user/Google Account (see here) and this seems to help but it generates support incidents.
4. You have to deal with what happens when people sign out from your service. Most people are accustomed to having their Google session open all the time in their browser so they can read their e-mail etc. They will be unhappy if you log them out. Based on the type of your service this might be acceptable.

I hope that helps. I would love to hear others' experiences and approach on this.


Joshua Smith

Sep 26, 2014, 1:01:39 PM
to google-a...@googlegroups.com, Daniel Guillamot
Those are good lists.

One more: If your customers are business users, google accounts won’t work. Because people don’t want to use their personal account for work stuff. And they are afraid to set up a google account wrapper around their work email address, because ordinary humans don’t understand that concept at all.

-Joshua

Vinny P

Sep 28, 2014, 12:01:54 PM
to google-a...@googlegroups.com
On Thu, Sep 25, 2014 at 5:03 AM, Daniel Guillamot <whil...@gmail.com> wrote:

> Do you think using Google Accounts is a reasonable user authentication system for a GAE application?
>
> Should I require all my users to have Google Accounts for certain functions (commenting, and other user generated content).

PK's list is a good one. Make sure you read it.

Yes, offer Google Accounts as an authentication option, but also offer other ways to authenticate such as Facebook/Twitter sign in. It's a bit of extra work, but users generally (in my experience) like having multiple sign-in options rather than being constrained to a single sign-in option.
 
 
-----------------
-Vinny P
Technology & Media Consultant
Chicago, IL

App Engine Code Samples: http://www.learntogoogleit.com
