How to implement Google App Engine authentication?

Question

How to implement Google App Engine authentication?

I would like my iPhone application to save & retrieve data from the App Engine application, but how can I make sure that only my application fulfills these requests?

Do I need to create a gmail account and allow this account as the administrator of my Google App Engine application? So, can I use this account in the iPhone app to process the request?

I just don't want non-iPhone users to have access to the application core application. Any ideas?

+3

authentication google-app-engine iphone

Ton Nov 17 '09 at 19:34

source share

1 answer

Nick Johnson · Accepted Answer · 2009-11-17T20:04:56+0000

You can define your own API and use any authentication method that you prefer. You will need to inject some kind of secret into your application that you use for authentication, for example, a randomly generated secret key.

In general, it is not possible to embed a key in user software that users cannot retrieve. You have a slight advantage on the iPhone because it is a very controlled platform: most users do not have access to your application binary files. However, you are still vulnerable to a user with a rooted iPhone who parses your application and retrieves a secret - and there is nothing you can do about it.

.

How to implement Google App Engine authentication?

More articles: