Saturday 17 July 2010
Google App Engine provides its User API service, using which you can allow people with Google Accounts to easily access your application. It works in a manner much similar to Google's other login services. When you login, you are taken to a central page, common for all google services and then after you have authenticated yourself, you are redirected back to the service.
Since Google uses a central page for login and logout and it is a cookie based authentication, it might trigger question - if someone is logged into gmail or orkut or other such google service is it possible to get their Google Accounts using App Engine's Users API? In order to do so, i deployed an application on App Engine, which would write "hello World!" on the canvas. This gadget XML is generated pragmatically and at the backend, there is a code which checks for a valid Google Account Holder.
The corresponding code goes as follows:
(There is no space at line 39, the space are mentioned here to go according to the syntax highlighter)
Upon deploying the gadget on orkut and gmail, i found that everytime the gadget loads, i just see a new entry in the Log, saying "User is None".
This means that you can authenticate only users for your own domain/application, not for all of the Google products services :-)
The complete source code of the application can be found at its Google Code repository http://code.google.com/p/codecontrol-samples/source/browse/user-authentication/src/.