To clarify our usage scenario: We register external users with our application by storing our own user entities. To catch aliases and dot/no dot variations being the same Google account (for example a gmail account does allow aliases and people appear to log in with and without dots in their name), we convert the email to a GAE user id and store that: this way we reduce all these cases to one user we store. Granted this wasn't very straightforward to being with (given per an SO post: https://stackoverflow.com/questions/816372/how-can-i-determine-a-user-id-based-on-an-email-address-in-app-engine) but it helps the confusion of these account email variations.
If this ability disappears we'll have to figure this out afterwards: e.g. we allow the storage of say three user entities identified by primary email, alias and potentially without dots (since the person entering the information wouldn't know), then have a batch job go through all users say daily and merge the ones that have the same id that will be provided by OpenID-Connect. On Wednesday, January 30, 2019 at 5:53:07 PM UTC-5, NP wrote: > > Hi George, > > You said - .....as in Google Identity Platform you are not supposed to use > these IDs to validate user log-ins...... > > How then are you supposed to validate user log-ins using Google Identify > Platform? GAE 2.7 User Object documentation specifically said that the User > Id is stable and recommended storing that. I believe people then used it to > validate logged in users. What is the recommended way for validating people > in Google Identity Platform? > > On Tuesday, January 29, 2019 at 3:26:11 PM UTC-8, George (Cloud Platform > Support) wrote: >> >> Hello Marcel, >> >> Documentation does not indicate restrictions on user ID's, you may check >> "Getting profile information" page >> <https://developers.google.com/identity/sign-in/web/people> for related >> details. You can choose IDs or pattern for IDs that might correlate to the >> old App Engine IDs. This might not prove of any advantage in the end, as in >> Google Identity Platform you are not supposed to use these IDs to validate >> user log-ins. Same applies to emails and email variants such as >> joh...@gmail.com and jo...@gmail.com. You may check the "Send the ID >> token to your server" on the "Authenticate with a backend server" page >> <https://developers.google.com/identity/sign-in/web/backend-auth>. >> >> To reply to your second question, on the same documentation page you'll >> notice that the get method for email profile.getEmail() does not allow for >> multiple email values within the same user identity profile. >> > -- You received this message because you are subscribed to the Google Groups "Google App Engine" group. To unsubscribe from this group and stop receiving emails from it, send an email to google-appengine+unsubscr...@googlegroups.com. To post to this group, send email to google-appengine@googlegroups.com. Visit this group at https://groups.google.com/group/google-appengine. To view this discussion on the web visit https://groups.google.com/d/msgid/google-appengine/e1528a60-99de-4645-b464-df41a575cf67%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
