I have a production app on GAE that's been running for a while. I've been
using the Users service for authentication, and my user entities in the
datastore hold on to the unique account ID provided by the users service.
Now, I want to bolt on some new functionality that will live outside of the
GAE environment, but which also needs to authenticate to the existing GAE
app. I've tried to do this with standard OAuth2 (as described here:
https://developers.google.com/identity/sign-in/web/), but it seems that the
Google IDs that are given out by OAuth2 are not the same for a given user
when they login through the Users service on GAE vs regular OAuth2.
Specifically, the Oauth2 produces a JWT which unpacks to something like:
{
> iss: "accounts.google.com",
> sub: "100768731291047440489",
> azp:
> "995713799104-tn1tj3qj8l4h1rhu0sucpb6aormqekls.apps.googleusercontent.com"
> ,
> email: "[email protected]",
> at_hash: "PKaCDQBHNPH5HTbRXuAcEw",
> email_verified: "true"
>
> - ...
>
>
> - }
>
>
The sub value in that response should contain the user's unique ID, but it
doesn't match that of the Users API. So, am I missing something or is it
the case that Google's IDs are only available within the context of the
users service and differ outside of it? If this is indeed the case, is
there any way to translate from one sort of ID to the other?
Many thanks,
mike
--
You received this message because you are subscribed to the Google Groups
"Google App Engine" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
Visit this group at http://groups.google.com/group/google-appengine.
To view this discussion on the web visit
https://groups.google.com/d/msgid/google-appengine/bfab35d3-fd55-4cd6-966c-a56a420f7bb0%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
