Hey Jason, I was actually working on a similar thing just over a year ago. My usecase was pretty simple, I wanted a domain admin to be able to select which users (or group) was authorized to access the app, the set permissions on those users / groups.
I honestly can't remember the exact solution I wound up using, but I do recall mocking up the exact same solution you propose. I do not recall ever finding a better solution though. I also vaguely remember hitting some edge cases where the user accounts didn't get correctly associated. I think that may have been due to all the Apps accounts being transitioned to Google accounts around the time though. If you find something better, I'd love to hear about it. Robert On Wednesday, January 18, 2012, Jason Collins <[email protected]> wrote: > I'm not sure where to pose this question; it sits right on the > interface between App Engine and Apps Provisioning API. > > I have an App Engine app that is using Federated Identity (OpenID) as > its authentication method. The Users API suggests the following: > > "The User object for a valid user can provide a unique ID value for > the user that stays the same even if the user changes her email > address. The user_id() method returns this ID, a str value." > > So, it seems that the user_id is the correct thing to use as the > key_name for my custom User model. > > I'd like to import users from a Google Apps domain, so I am > interacting with the Apps Provisioning API to do so. However, there is > no corresponding user ID on that GData API. The best I have is > username, which is the front portion of the email address. (reference: > http://code.google.com/googleapps/domain/provisioning_API_v2_developers_guide.html#Retrieve_All_Users_in_Domain_Example ) > > I'm not sure the right way to associate these two entities. It seems > like I need to combine the Provisioning API's username with the Apps > domain to get an email address and then compare that against App > Engine's user.email(). > > But that smells to me. Is there a correct way to do this? > > Thanks for any help, including a pointer to a better place to pose > this question, > j > > -- > You received this message because you are subscribed to the Google Groups "Google App Engine" group. > To post to this group, send email to [email protected]. > To unsubscribe from this group, send email to [email protected]. > For more options, visit this group at http://groups.google.com/group/google-appengine?hl=en. > > -- ------ Robert Kluin Ezox Systems, LLC -- You received this message because you are subscribed to the Google Groups "Google App Engine" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/google-appengine?hl=en.
