Google App Engine and the Google Apps Marketplace

Question

I am a new developer to all things web design.

I have developed an application on Google App Engine and a recent client wanted to publish it on the Google Apps Marketplace. I simply added the client as an app owner to give him the ability to publish the app. He published the app on the marketplace and received this email (abbreviated):

"Your recently submitted application for the Google Apps Marketplace, ..., did not meet the OAuth2 requirements for the Google App Marketplace. More specifically, it appears that you have built your application via appengine.google.com rather than within the Google Cloud Console, https://cloud.google.com/console . The issue is that the appengine interface doesn't allow you to utilize OAuth2 which is required for the Google App Marketplace. Check out our documentation for more information about OAuth2 and how to use it with your application."

I find this very confusing because my appengine project uses OAuth2 as a service account for everything except the user login, where I simply use the User object given by google.appengine.api to check if the user is logged in. Am I to understand that you cannot use Google App Engine with the Google Apps Marketplace? Or is this simply a case of not using an appropriate login method?

Answer 1

This is very stupid. I've also faced that when I started integrated with Google Apps Marketplace. Basically you need to do 2 things:

1. Use Federated Login as Authentication Type of your application
2. Create handler for /_ah/login_required URI which will sign in automatically

I've used Gaelyk for the second point where it was pretty simple to reuse the UserService :

redirect users.createLoginURL(params['continue'], null, params.hd, [] as Set)

In plain old Java it might be more verbose but I hope you get the picture.

Answer 2

Adding federated login won't satisfy the requirements to be fully OAuth2. The User service will still use OpenID. You'll need to the Google Python Client Library to authenticate the user. Here are some good samples: https://code.google.com/p/google-api-python-client/wiki/SampleApps#OAuth_2.0_Samples

Answer 3

Currently we use Openid 2.0 for user authentication and Oauth for authorization of other services. Openid 2.0 is deprecated and Google will not provide authentication using Open Id. For time line refer this link https://developers.google.com/+/api/auth-migration#timetable

So they are suggesting to use OpenidConnect for authentication of user. OpenIdConnect is a layer written over Oauth 2.0 for authentication of user.

For references visit http://openid.net/connect/ and https://developers.google.com/accounts/docs/OAuth2Login?hl=ja#appsetup