John is absolutely right. It's up to the 3rd party to identify the user. That most likely means that you'll need to provide your own authentication system. AuthSub/OAuth are meant for authorization.
I recommend checking out the Federated Login/OpenID API if you'd like to avoid rolling your own login: http://code.google.com/apis/accounts/docs/OpenID.html Eric On Jun 1, 10:44 am, John Cook <[email protected]> wrote: > That's sort of the whole point of AuthSub and other such APIs. The user has > granted read and/or write access to the *data*, but you can't map that back > to an actual identity. So privacy can be at least somewhat protected. > > On Thu, May 28, 2009 at 12:27 AM, Olga <[email protected]> wrote: > > > It appears that the API deliberately avoids giving access to google > > account user id. What is the reasoning behind this decision? > > > Our application uses AuthSub. We will email user a link that will > > redirect them to their google health account, they will give us > > permission and will be redirected back to our page where we now get > > the session token. Nowhere in this process are we aware of what the > > user id is. A user can potentially go through this process several > > times in which case we will end up of multiple references to the same > > account. > > > Does this sound like a possible problem and, if so, how can we prevent > > it? > > --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Google Health Developers" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/googlehealthdevelopers?hl=en -~----------~----~----~----~------~----~------~--~---
