[google-appengine] Re: Using OpenID with Google App Engine and its UserService
Ok, a bit more explanation: The problem with creating Login URL's like mentioned above is that even yahoo.com etc. starts to work when I only want Google Account and Google Apps to work. Is there any good reference implementation that leaves the OpenID heavy lifting to UserService? and works for both Google Account and Google Apps only. On Dec 1, 10:59 pm, AmaltasCoder wrote: > My application on GAE should work for both Google Accounts and Google > Apps accounts. I understand that UserService on app engine makes the > task of using OpenID easy. I generate the Login/Logout url's as > follows, can someone please check if these are correct calls: > > Login URL for Google Account: > > UserService userService = UserServiceFactory.getUserService(); > userService.createLoginURL(destinationURL, null, "gmail.com", new > HashSet()) > > Login URL for Google Apps Account: > > UserService userService = UserServiceFactory.getUserService(); > userService.createLoginURL(destinationURL, null, > "googleappsdomaintouse.com", new HashSet()) > > Logout URL for Google Account and Google Apps account: > > UserService userService = UserServiceFactory.getUserService(); > User user = userService.getCurrentUser(); > userService.createLogoutURL(destinationURL, user.getAuthDomain()) -- You received this message because you are subscribed to the Google Groups "Google App Engine" group. To post to this group, send email to google-appeng...@googlegroups.com. To unsubscribe from this group, send email to google-appengine+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/google-appengine?hl=en.
[google-appengine] Re: Using OpenID with Google App Engine and its UserService
You can use the explicit addresses for OpenID endpoints: userService.createLoginURL(redirectTo, "gmail.com", "https://www.google.com/accounts/o8/id";, attributesRequest); String appsLoginUrl = userService.createLoginURL(redirectTo, loginDomain, "https://www.google.com/accounts/o8/site-xrds?hd="; + loginDomain, attributesRequest); These should work to filter only google accounts and apps accounts for your requests. I switch between the two using a simple request parameter. Regards Lorenzo On Dec 1, 6:59 pm, AmaltasCoder wrote: > My application on GAE should work for both Google Accounts and Google > Apps accounts. I understand that UserService on app engine makes the > task of using OpenID easy. I generate the Login/Logout url's as > follows, can someone please check if these are correct calls: > > Login URL for Google Account: > > UserService userService = UserServiceFactory.getUserService(); > userService.createLoginURL(destinationURL, null, "gmail.com", new > HashSet()) > > Login URL for Google Apps Account: > > UserService userService = UserServiceFactory.getUserService(); > userService.createLoginURL(destinationURL, null, > "googleappsdomaintouse.com", new HashSet()) > > Logout URL for Google Account and Google Apps account: > > UserService userService = UserServiceFactory.getUserService(); > User user = userService.getCurrentUser(); > userService.createLogoutURL(destinationURL, user.getAuthDomain()) -- You received this message because you are subscribed to the Google Groups "Google App Engine" group. To post to this group, send email to google-appeng...@googlegroups.com. To unsubscribe from this group, send email to google-appengine+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/google-appengine?hl=en.
[google-appengine] Re: Using OpenID with Google App Engine and its UserService
This is correct, in my opinion. In my app if I detect an attempt to log in with Google Apps I send an immediate redirect to Google's login page, without showing the login page of my application. Google Apps Marketplace allows you to detect this using the url you give in the manifest, it has a parameter that Google should fill with the domain name. As for the userID problem, I have never tried other providers than Google, but the documentation (not javadoc) used to say that openID users are a superset for Google Accounts, so I think a valid id should be provided also for other providers. Regards Lorenzo On Dec 6, 2:55 pm, Ross M Karchner wrote: > I've been thinking about this myself, for a few days. > > In order to sell a GAE app on Google Apps Marketplace, must we: > > - Use OpenID > - force users to only use Google's OpenID > > (that last bit seems to be the logical conclusion from the directive not to > show an intermediate login screen) > > Is this correct? > > > > On Mon, Dec 6, 2010 at 6:28 AM, l.denardo wrote: > > You can use the explicit addresses for OpenID endpoints: > > > userService.createLoginURL(redirectTo, "gmail.com", > > " > >https://www.google.com/accounts/o8/id";, attributesRequest); > > > String appsLoginUrl = userService.createLoginURL(redirectTo, > > loginDomain, > > " > >https://www.google.com/accounts/o8/site-xrds?hd="; + > > loginDomain, attributesRequest); > > > These should work to filter only google accounts and apps accounts for > > your requests. > > I switch between the two using a simple request parameter. > > > Regards > > Lorenzo > > > On Dec 1, 6:59 pm, AmaltasCoder wrote: > > > My application on GAE should work for both Google Accounts and Google > > > Apps accounts. I understand that UserService on app engine makes the > > > task of using OpenID easy. I generate the Login/Logout url's as > > > follows, can someone please check if these are correct calls: > > > > Login URL for Google Account: > > > > UserService userService = UserServiceFactory.getUserService(); > > > userService.createLoginURL(destinationURL, null, "gmail.com", new > > > HashSet()) > > > > Login URL for Google Apps Account: > > > > UserService userService = UserServiceFactory.getUserService(); > > > userService.createLoginURL(destinationURL, null, > > > "googleappsdomaintouse.com", new HashSet()) > > > > Logout URL for Google Account and Google Apps account: > > > > UserService userService = UserServiceFactory.getUserService(); > > > User user = userService.getCurrentUser(); > > > userService.createLogoutURL(destinationURL, user.getAuthDomain()) > > > -- > > You received this message because you are subscribed to the Google Groups > > "Google App Engine" group. > > To post to this group, send email to google-appeng...@googlegroups.com. > > To unsubscribe from this group, send email to > > google-appengine+unsubscr...@googlegroups.com > > . > > For more options, visit this group at > >http://groups.google.com/group/google-appengine?hl=en. > > -- > Ross M Karchnerhttp://eventgrinder.com -- You received this message because you are subscribed to the Google Groups "Google App Engine" group. To post to this group, send email to google-appeng...@googlegroups.com. To unsubscribe from this group, send email to google-appengine+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/google-appengine?hl=en.
Re: [google-appengine] Re: Using OpenID with Google App Engine and its UserService
I know it is not ideal, but perhaps after a user log in your could check the user_id property? > If the email address is not associated with a Google account, user_id returns None. http://code.google.com/appengine/docs/python/users/userclass.html#User_user_id Robert On Sun, Dec 5, 2010 at 04:54, AmaltasCoder wrote: > Ok, a bit more explanation: > > The problem with creating Login URL's like mentioned above is that > even yahoo.com etc. starts to work when I only want Google Account and > Google Apps to work. Is there any good reference implementation that > leaves the OpenID heavy lifting to UserService? and works for both > Google Account and Google Apps only. > > On Dec 1, 10:59 pm, AmaltasCoder wrote: >> My application on GAE should work for both Google Accounts and Google >> Apps accounts. I understand that UserService on app engine makes the >> task of using OpenID easy. I generate the Login/Logout url's as >> follows, can someone please check if these are correct calls: >> >> Login URL for Google Account: >> >> UserService userService = UserServiceFactory.getUserService(); >> userService.createLoginURL(destinationURL, null, "gmail.com", new >> HashSet()) >> >> Login URL for Google Apps Account: >> >> UserService userService = UserServiceFactory.getUserService(); >> userService.createLoginURL(destinationURL, null, >> "googleappsdomaintouse.com", new HashSet()) >> >> Logout URL for Google Account and Google Apps account: >> >> UserService userService = UserServiceFactory.getUserService(); >> User user = userService.getCurrentUser(); >> userService.createLogoutURL(destinationURL, user.getAuthDomain()) > > -- > You received this message because you are subscribed to the Google Groups > "Google App Engine" group. > To post to this group, send email to google-appeng...@googlegroups.com. > To unsubscribe from this group, send email to > google-appengine+unsubscr...@googlegroups.com. > For more options, visit this group at > http://groups.google.com/group/google-appengine?hl=en. > > -- You received this message because you are subscribed to the Google Groups "Google App Engine" group. To post to this group, send email to google-appeng...@googlegroups.com. To unsubscribe from this group, send email to google-appengine+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/google-appengine?hl=en.
Re: [google-appengine] Re: Using OpenID with Google App Engine and its UserService
I don't really get why you want to use OpenID if you are limiting your users to Google & Google Apps accounts? cheers James On 5 December 2010 20:54, AmaltasCoder wrote: > Ok, a bit more explanation: > > The problem with creating Login URL's like mentioned above is that > even yahoo.com etc. starts to work when I only want Google Account and > Google Apps to work. Is there any good reference implementation that > leaves the OpenID heavy lifting to UserService? and works for both > Google Account and Google Apps only. > > On Dec 1, 10:59 pm, AmaltasCoder wrote: >> My application on GAE should work for both Google Accounts and Google >> Apps accounts. I understand that UserService on app engine makes the >> task of using OpenID easy. I generate the Login/Logout url's as >> follows, can someone please check if these are correct calls: >> >> Login URL for Google Account: >> >> UserService userService = UserServiceFactory.getUserService(); >> userService.createLoginURL(destinationURL, null, "gmail.com", new >> HashSet()) >> >> Login URL for Google Apps Account: >> >> UserService userService = UserServiceFactory.getUserService(); >> userService.createLoginURL(destinationURL, null, >> "googleappsdomaintouse.com", new HashSet()) >> >> Logout URL for Google Account and Google Apps account: >> >> UserService userService = UserServiceFactory.getUserService(); >> User user = userService.getCurrentUser(); >> userService.createLogoutURL(destinationURL, user.getAuthDomain()) > > -- > You received this message because you are subscribed to the Google Groups > "Google App Engine" group. > To post to this group, send email to google-appeng...@googlegroups.com. > To unsubscribe from this group, send email to > google-appengine+unsubscr...@googlegroups.com. > For more options, visit this group at > http://groups.google.com/group/google-appengine?hl=en. > > -- You received this message because you are subscribed to the Google Groups "Google App Engine" group. To post to this group, send email to google-appeng...@googlegroups.com. To unsubscribe from this group, send email to google-appengine+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/google-appengine?hl=en.
Re: [google-appengine] Re: Using OpenID with Google App Engine and its UserService
You either have to use OpenID (federated login) or use your own authentication, which will probably also be OpenID, to use both Google and Google Apps accounts from the same application. Otherwise you are restricted to either 1) only Google accounts or 2) exactly one Google Apps domain. Robert On Sun, Dec 5, 2010 at 22:37, James Broberg wrote: > I don't really get why you want to use OpenID if you are limiting your > users to Google & Google Apps accounts? > > cheers > > James > > On 5 December 2010 20:54, AmaltasCoder wrote: >> Ok, a bit more explanation: >> >> The problem with creating Login URL's like mentioned above is that >> even yahoo.com etc. starts to work when I only want Google Account and >> Google Apps to work. Is there any good reference implementation that >> leaves the OpenID heavy lifting to UserService? and works for both >> Google Account and Google Apps only. >> >> On Dec 1, 10:59 pm, AmaltasCoder wrote: >>> My application on GAE should work for both Google Accounts and Google >>> Apps accounts. I understand that UserService on app engine makes the >>> task of using OpenID easy. I generate the Login/Logout url's as >>> follows, can someone please check if these are correct calls: >>> >>> Login URL for Google Account: >>> >>> UserService userService = UserServiceFactory.getUserService(); >>> userService.createLoginURL(destinationURL, null, "gmail.com", new >>> HashSet()) >>> >>> Login URL for Google Apps Account: >>> >>> UserService userService = UserServiceFactory.getUserService(); >>> userService.createLoginURL(destinationURL, null, >>> "googleappsdomaintouse.com", new HashSet()) >>> >>> Logout URL for Google Account and Google Apps account: >>> >>> UserService userService = UserServiceFactory.getUserService(); >>> User user = userService.getCurrentUser(); >>> userService.createLogoutURL(destinationURL, user.getAuthDomain()) >> >> -- >> You received this message because you are subscribed to the Google Groups >> "Google App Engine" group. >> To post to this group, send email to google-appeng...@googlegroups.com. >> To unsubscribe from this group, send email to >> google-appengine+unsubscr...@googlegroups.com. >> For more options, visit this group at >> http://groups.google.com/group/google-appengine?hl=en. >> >> > > -- > You received this message because you are subscribed to the Google Groups > "Google App Engine" group. > To post to this group, send email to google-appeng...@googlegroups.com. > To unsubscribe from this group, send email to > google-appengine+unsubscr...@googlegroups.com. > For more options, visit this group at > http://groups.google.com/group/google-appengine?hl=en. > > -- You received this message because you are subscribed to the Google Groups "Google App Engine" group. To post to this group, send email to google-appeng...@googlegroups.com. To unsubscribe from this group, send email to google-appengine+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/google-appengine?hl=en.
Re: [google-appengine] Re: Using OpenID with Google App Engine and its UserService
Ah that makes sense. I was under the impression that the Users API
worked with Google Accounts *and* accounts on your own Google Apps
domains, but it's an either/or proposition as you say.
If you are using Java, a filter is a good approach to handle this. I
use this approach to restrict my users to OpenID holders that have
registered with my system previously, instead of letting all comers
login.
public class LoginFilterImpl implements Filter {
}
James
On 6 December 2010 16:57, Robert Kluin wrote:
> You either have to use OpenID (federated login) or use your own
> authentication, which will probably also be OpenID, to use both Google
> and Google Apps accounts from the same application. Otherwise you are
> restricted to either 1) only Google accounts or 2) exactly one Google
> Apps domain.
>
>
>
> Robert
>
>
>
>
>
>
>
>
> On Sun, Dec 5, 2010 at 22:37, James Broberg wrote:
>> I don't really get why you want to use OpenID if you are limiting your
>> users to Google & Google Apps accounts?
>>
>> cheers
>>
>> James
>>
>> On 5 December 2010 20:54, AmaltasCoder wrote:
>>> Ok, a bit more explanation:
>>>
>>> The problem with creating Login URL's like mentioned above is that
>>> even yahoo.com etc. starts to work when I only want Google Account and
>>> Google Apps to work. Is there any good reference implementation that
>>> leaves the OpenID heavy lifting to UserService? and works for both
>>> Google Account and Google Apps only.
>>>
>>> On Dec 1, 10:59 pm, AmaltasCoder wrote:
My application on GAE should work for both Google Accounts and Google
Apps accounts. I understand that UserService on app engine makes the
task of using OpenID easy. I generate the Login/Logout url's as
follows, can someone please check if these are correct calls:
Login URL for Google Account:
UserService userService = UserServiceFactory.getUserService();
userService.createLoginURL(destinationURL, null, "gmail.com", new
HashSet())
Login URL for Google Apps Account:
UserService userService = UserServiceFactory.getUserService();
userService.createLoginURL(destinationURL, null,
"googleappsdomaintouse.com", new HashSet())
Logout URL for Google Account and Google Apps account:
UserService userService = UserServiceFactory.getUserService();
User user = userService.getCurrentUser();
userService.createLogoutURL(destinationURL, user.getAuthDomain())
>>>
>>> --
>>> You received this message because you are subscribed to the Google Groups
>>> "Google App Engine" group.
>>> To post to this group, send email to google-appeng...@googlegroups.com.
>>> To unsubscribe from this group, send email to
>>> google-appengine+unsubscr...@googlegroups.com.
>>> For more options, visit this group at
>>> http://groups.google.com/group/google-appengine?hl=en.
>>>
>>>
>>
>> --
>> You received this message because you are subscribed to the Google Groups
>> "Google App Engine" group.
>> To post to this group, send email to google-appeng...@googlegroups.com.
>> To unsubscribe from this group, send email to
>> google-appengine+unsubscr...@googlegroups.com.
>> For more options, visit this group at
>> http://groups.google.com/group/google-appengine?hl=en.
>>
>>
>
> --
> You received this message because you are subscribed to the Google Groups
> "Google App Engine" group.
> To post to this group, send email to google-appeng...@googlegroups.com.
> To unsubscribe from this group, send email to
> google-appengine+unsubscr...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/google-appengine?hl=en.
>
>
--
You received this message because you are subscribed to the Google Groups
"Google App Engine" group.
To post to this group, send email to google-appeng...@googlegroups.com.
To unsubscribe from this group, send email to
google-appengine+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/google-appengine?hl=en.
Re: [google-appengine] Re: Using OpenID with Google App Engine and its UserService
I've been thinking about this myself, for a few days. In order to sell a GAE app on Google Apps Marketplace, must we: - Use OpenID - force users to only use Google's OpenID (that last bit seems to be the logical conclusion from the directive not to show an intermediate login screen) Is this correct? On Mon, Dec 6, 2010 at 6:28 AM, l.denardo wrote: > You can use the explicit addresses for OpenID endpoints: > > userService.createLoginURL(redirectTo, "gmail.com", >" > https://www.google.com/accounts/o8/id";, attributesRequest); > > String appsLoginUrl = userService.createLoginURL(redirectTo, > loginDomain, >" > https://www.google.com/accounts/o8/site-xrds?hd="; + > loginDomain, attributesRequest); > > These should work to filter only google accounts and apps accounts for > your requests. > I switch between the two using a simple request parameter. > > Regards > Lorenzo > > > On Dec 1, 6:59 pm, AmaltasCoder wrote: > > My application on GAE should work for both Google Accounts and Google > > Apps accounts. I understand that UserService on app engine makes the > > task of using OpenID easy. I generate the Login/Logout url's as > > follows, can someone please check if these are correct calls: > > > > Login URL for Google Account: > > > > UserService userService = UserServiceFactory.getUserService(); > > userService.createLoginURL(destinationURL, null, "gmail.com", new > > HashSet()) > > > > Login URL for Google Apps Account: > > > > UserService userService = UserServiceFactory.getUserService(); > > userService.createLoginURL(destinationURL, null, > > "googleappsdomaintouse.com", new HashSet()) > > > > Logout URL for Google Account and Google Apps account: > > > > UserService userService = UserServiceFactory.getUserService(); > > User user = userService.getCurrentUser(); > > userService.createLogoutURL(destinationURL, user.getAuthDomain()) > > -- > You received this message because you are subscribed to the Google Groups > "Google App Engine" group. > To post to this group, send email to google-appeng...@googlegroups.com. > To unsubscribe from this group, send email to > google-appengine+unsubscr...@googlegroups.com > . > For more options, visit this group at > http://groups.google.com/group/google-appengine?hl=en. > > -- Ross M Karchner http://eventgrinder.com -- You received this message because you are subscribed to the Google Groups "Google App Engine" group. To post to this group, send email to google-appeng...@googlegroups.com. To unsubscribe from this group, send email to google-appengine+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/google-appengine?hl=en.
Re: [google-appengine] Re: Using OpenID with Google App Engine and its UserService
Actually I did a test on this this morning, it looks as though the docs are wrong. In my tests I *always* got a user_id, even when using non-google providers. Can a Googler please verify this / fix the docs? What I have been doing in my own apps, and what others have mentioned, the best way is going to be relying on the fact you control part of the process. You will be the one who constructs the login url: "https://www.google.com/accounts/o8/site-xrds?hd="; + apps_domain Just make sure you don't design your app such that I can somehow submit a different OpenID url. Robert On Sun, Dec 5, 2010 at 22:30, Robert Kluin wrote: > I know it is not ideal, but perhaps after a user log in your could > check the user_id property? > > If the email address is not associated with a Google account, > user_id returns None. > > http://code.google.com/appengine/docs/python/users/userclass.html#User_user_id > > > Robert > > > > > > > > On Sun, Dec 5, 2010 at 04:54, AmaltasCoder wrote: >> Ok, a bit more explanation: >> >> The problem with creating Login URL's like mentioned above is that >> even yahoo.com etc. starts to work when I only want Google Account and >> Google Apps to work. Is there any good reference implementation that >> leaves the OpenID heavy lifting to UserService? and works for both >> Google Account and Google Apps only. >> >> On Dec 1, 10:59 pm, AmaltasCoder wrote: >>> My application on GAE should work for both Google Accounts and Google >>> Apps accounts. I understand that UserService on app engine makes the >>> task of using OpenID easy. I generate the Login/Logout url's as >>> follows, can someone please check if these are correct calls: >>> >>> Login URL for Google Account: >>> >>> UserService userService = UserServiceFactory.getUserService(); >>> userService.createLoginURL(destinationURL, null, "gmail.com", new >>> HashSet()) >>> >>> Login URL for Google Apps Account: >>> >>> UserService userService = UserServiceFactory.getUserService(); >>> userService.createLoginURL(destinationURL, null, >>> "googleappsdomaintouse.com", new HashSet()) >>> >>> Logout URL for Google Account and Google Apps account: >>> >>> UserService userService = UserServiceFactory.getUserService(); >>> User user = userService.getCurrentUser(); >>> userService.createLogoutURL(destinationURL, user.getAuthDomain()) >> >> -- >> You received this message because you are subscribed to the Google Groups >> "Google App Engine" group. >> To post to this group, send email to google-appeng...@googlegroups.com. >> To unsubscribe from this group, send email to >> google-appengine+unsubscr...@googlegroups.com. >> For more options, visit this group at >> http://groups.google.com/group/google-appengine?hl=en. >> >> > -- You received this message because you are subscribed to the Google Groups "Google App Engine" group. To post to this group, send email to google-appeng...@googlegroups.com. To unsubscribe from this group, send email to google-appengine+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/google-appengine?hl=en.
