That's sort of the whole point of AuthSub and other such APIs. The user has granted read and/or write access to the *data*, but you can't map that back to an actual identity. So privacy can be at least somewhat protected.
On Thu, May 28, 2009 at 12:27 AM, Olga <[email protected]> wrote: > > It appears that the API deliberately avoids giving access to google > account user id. What is the reasoning behind this decision? > > Our application uses AuthSub. We will email user a link that will > redirect them to their google health account, they will give us > permission and will be redirected back to our page where we now get > the session token. Nowhere in this process are we aware of what the > user id is. A user can potentially go through this process several > times in which case we will end up of multiple references to the same > account. > > Does this sound like a possible problem and, if so, how can we prevent > it? > > > > > --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Google Health Developers" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/googlehealthdevelopers?hl=en -~----------~----~----~----~------~----~------~--~---
