I want to make a multi-user client-server solution with Java Swing thick client as a front-end and Google AppEngine (Java one) as a back-end.
The problem is that GAE provides only web-based forms for logging in and out, so there's no trivial way to employ Google Accounts features in a thick client.
Can you give some advices/hints/ideas on how to allow a thick client login to and logout from a GAE webapp?
I am sorry, I can only answer you indirectly. It is possible to log in to an app on appspot.com with a Google account. You just have to do everything a browser would, including keeping some cookies and contacting several servers as they bounce you around.
I played around with this for a stillborn project a couple of months ago and ended up with a shell script that mostly runs cURL to log in. Perhaps you could take from it what you need.
There is a way for client apps to authenticate against Google Accounts, but I don't know if the token you receive can be passed back to AppEngine. See: ClientLogin for Installed Applications
as suggested by @Jason DeFontes the ClientLogin authorization process is addressing this issue.
as a minimal-effort alternative approach, you could embed the web-based (html) forms into your thick client, i.e. use a java component that supports html-rendering (like a
JEditorPane
with anHTMLEditorKit
installed) and present this component inside your swing app -- at least users would not need to switch back-and-forth between your app and the browser this way.