In studying the AuthSub sample code at this location: http://code.google.com/appengine/articles/gdata.html
I am confused about the comments pasted below. In the "elif" case, how can there be a token without there being a current (logged in) user? In order for the app to have received a token to begin with, didn't it have to know which user was accessing the app? Could you give me a scenario in which there would be a token, but the user hasn't logged in yet? The only case I can think of is if the user just logged in at the page to grant them the token (from client.GenerateAuthSubURL), but hasn't yet logged into my app (using the link generated by users.create_login_url). If I am right about this, then could I avoid this by always first requiring my user to login to my app, before checking to see if they have a token? Thanks, Dave session_token = None # Find the AuthSub token and upgrade it to a session token. auth_token = gdata.auth.extract_auth_sub_token_from_url (self.request.uri) if auth_token: # Upgrade the single-use AuthSub token to a multi-use session token. session_token = client.upgrade_to_session_token(auth_token) if session_token and users.get_current_user(): # If there is a current user, store the token in the datastore and # associate it with the current user. Since we told the client to # run_on_appengine, the add_token call will automatically store the # session token if there is a current_user. client.token_store.add_token(session_token) elif session_token: # Since there is no current user, we will put the session token # in a property of the client. We will not store the token in the # datastore, since we wouldn't know which user it belongs to. # Since a new client object is created with each get call, we don't # need to worry about the anonymous token being used by other users. client.current_token = session_token --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Google App Engine" group. To post to this group, send email to google-appengine@googlegroups.com To unsubscribe from this group, send email to google-appengine+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/google-appengine?hl=en -~----------~----~----~----~------~----~------~--~---