I'm still trying to ponder the work of OAuth / OpenID as such ...
I am developing an “installed application” that will run on computers and the iPhone. The user can install the client application on several computers, and all clients installed by the user will be synchronized using a centralized Google App Engine service. GAE will also allow multiple users to collaborate on data generated by the installed application through a web application.
I do not want to roll my own authentication system, for my own ease, and also in order to save users from another set of credentials. At first I thought about using the Google ClientLogin service, but then I thought that OAuth / OpenID would be better, because it would allow users to use not only Google credentials, but also credentials of other OpenID providers. Also, avoiding a user prompt for login / password looks more secure.
My question is ... I'm not sure if this is the correct use case for OAuth / OpenID. I am not accessing data from any other service, I am just looking for an authentication solution. Also, how difficult is it to run this script using the Google App Engine (Java)?
Any advice and / or starting points would be highly appreciated!