Hi there, I have been using Google Accounts for my primary project. Here are pros and cons based on my experience.
pros: 1. You do not deal with lost passwords 2. You ride the innovation of Google, e.g. 2-factor authentication etc that you might not be able to afford and are very costly if you get wrong 3. Easy integration with Google Apps etc. 4. Many people already have one Google account so it is simple cons: 1. Google has been barely maintaining the GAE accounts API. It has many issues listed in the issues database that they do not address for years. They are corner cases but they generate support incidents. 1.1 The current Google Accounts API is bare minimum, in fact I do not think it has been improved at all since its inception. I would like to see a richer API too, e.g. only allow this user if she has 2 step verification on or if they have a strong password. 2. A few people who do not use Google accounts are very strong privacy advocates and hate everything Google. They are 1 out of 200 but they are very vocal and might turn down a service because of that. Of course some of them will not use cookies either so you might not need to worry at all. Fortunately, recently Google allowed again people to have Google accounts with no Google+ and this is a step in the right direction. 3. Confusion when users have multiple Google accounts. I usually stir them towards one browser user/Google Account (see here) and this seems to help but it generates support incidents. 4. You have to deal on what happens when people sign out from your service. Most people are accustomed to have their Google session open all the time in their browse so they can read their e-mail etc They will be unhappy if you log them out. Based on the type of your service this might be acceptable I hope that helps, I would love to hear others experiences and approach on this. PK http://www.gae123.com On September 26, 2014 at 8:14:26 AM, Daniel Guillamot (whilet...@gmail.com) wrote: Do you think using Google Accounts is a reasonable user authentication system for a GAE application? Should I require all my users to have Google Accounts for certain functions (commenting, and other user generated content). Or, should I create my own system. Users have to create user ids, enter email addresses, passwords, captchas, forgot password/recovery, ugh. My app is pretty much targeted to all people, not just tech-savvy. What is the general recommendation these days? What is user tolerance / willingness to just use google accounts or Oauth/OpenID? Are people reluctant to want to use their google account on my website? -- You received this message because you are subscribed to the Google Groups "Google App Engine" group. To unsubscribe from this group and stop receiving emails from it, send an email to google-appengine+unsubscr...@googlegroups.com. To post to this group, send email to google-appengine@googlegroups.com. Visit this group at http://groups.google.com/group/google-appengine. For more options, visit https://groups.google.com/d/optout. -- You received this message because you are subscribed to the Google Groups "Google App Engine" group. To unsubscribe from this group and stop receiving emails from it, send an email to google-appengine+unsubscr...@googlegroups.com. To post to this group, send email to google-appengine@googlegroups.com. Visit this group at http://groups.google.com/group/google-appengine. For more options, visit https://groups.google.com/d/optout.
