Hi Martin, OAuth might work for you. I'm building an app on GAE using OAuth to connect with meetup.com's API. It works like a charm once you figure out the OAuth workflow. I'm using OAuth v1, and the access tokens don't expire until the user explicitly revokes access to your application. People often recommend you store the access tokens. OAuth v2 is the way to go for new applications.
You can still use Google accounts for authentication. But keep in mind that the accounts people use to access the website you're connecting to (e.g. meetup.com) might not be their Google account. So, to access your app, in the worst case, people would need to have an account for the website (e.g. meetup.com) and Google. FYI .. I'm using scribe-java for OAuth: https://github.com/fernandezpablo85/scribe-java and objectify-appengine for the GAE datastore: http://code.google.com/p/objectify-appengine/ -- Ray On Jun 13, 1:41 pm, Martin <[email protected]> wrote: > Hi Guys, > > I'm building a java app that serves content to multiple mobile devices > running a phonegap-style native/web app. > I'm looking for a way to have these devices only have to register once then > be authenticated for all futher requests to appengine. > From what I've read OAuth seems like a good fit but that would restrict me > to using google accounts for authentication. Is OAuth even suitable for > this, do the tokens expire? > Is there a simpler way to achieve this in java by saving session objects for > example without majorly compromising security? > > Any help would be much appreciated! > > Thanks, > > Martin -- You received this message because you are subscribed to the Google Groups "Google App Engine for Java" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/google-appengine-java?hl=en.
