Hi, I am writing an application where I want to restrict the users that can log on. My preference is to use Google Accounts authentication as that way I don't need to worry about creating, storing, encrypting, etc. usernames and passwords. Of course the problem is that using Google Accounts authentication anyone with a Google account can log in whereas I want a select few on my whitelist.
The only way I can see to do this is to allow the user to log on and then use the UserService.getCurrentUser to get the username / e-mail, and only if they are on the white list I then 'open up' the application to give access. Is this a reasonable approach? The alternative would be to use a Google Apps domain. That may work but I really don't need the functionality of Google Apps for my app and also the standard, free edition is restricted to 50 users. The third approach would be to use to create my own authenticaion api but as mentioned before, not to keen on that. I'd appreciate if you could give any suggestions for the best practice for my use case. Thanks. -- You received this message because you are subscribed to the Google Groups "Google App Engine" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/google-appengine?hl=en.
