Before I dig into the details of implementing this particular design, I wanted some advice/validation on whether I was approaching it correctly. I have a beginner's knowledge of Android, and am an advanced beginner in Python, GAE, and OpenID.
Environment
- Android application
- Web Services built in Python on Google App Engine
- User(s) with Google Account
Scenario
I want to enable sign-in capabilities in my Android application without writing my own authentication system in GAE. Within the app, the user should be able to play as a guest without the ability to save high scores. If a user would like to have his high scores saved, he would authenticate against his Google account on the Android device. At the end of the game, the authenticated user's high score would be saved (associated with his Google Account) via the game's web services on Google App Engine. The user should also be able to sign out and hand the device to a friend, who could also log in, play a game, and save her high scores associated with her Google account.
Design
- In the Android application, use OpenID for authentication whenever the user wishes to sign in (using something along the lines of what Nick has posted here).
- Grab the OpenId token from the cookie that is returned and associate it with the current user.
- Make a web service call to the GAE services adding the token as a cookie and including the high score
- The web service would authenticate that the token is valid
- The web service would determine the unique Google account id associated with the token (I don't know how to do this, but I'm assuming there is a means to do it) and look up that unique id in a cross-reference table to find the user's in-game id (which was previously created during account setup)
- Save the high score associated with the in-game id.
- Allow logout so another user can login to the game with their Google Account and repeat above process
Thank you for your help
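The server side of the Design steps above (validate the token, resolve it to a Google account id, cross-reference that to an in-game id, save the score), sketched as an added example in Python. This is not code from the question, from an answer, or from App Engine. It assumes the token the client sends is a server-issued, HMAC-signed session token minted once the OpenID login has completed; that stands in for validating the raw OpenID response (or for the App Engine Users API), which a real deployment would do instead. The datastore is an in-memory dict, the secret key and account ids are made up, and the tampered/expired/unregistered cases are included because those are the checks the web service has to get right: the account id used for the save comes only from the verified token, never from the request body.

```python
"""Server side of the design: validate the client's token, map it to a Google
account id, cross-reference that to an in-game id and store the high score.

Added example, not the question's or App Engine's code. Assumptions: the token
is a server-issued HMAC-signed session token (a stand-in for verifying the real
OpenID response), and the cross-reference table and scores live in dicts.
"""
import base64
import hashlib
import hmac
import json
import time

SECRET_KEY = b"replace-with-a-random-32-byte-key"  # assumption: server-only secret
TOKEN_TTL_SECONDS = 3600


class InvalidToken(Exception):
    """Raised when a token fails the signature or expiry check."""


def _b64encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def _b64decode(part):
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))


def issue_token(google_account_id, now=None, key=SECRET_KEY):
    """Mint a signed token binding the (already verified) account id to an expiry.

    In the design this happens once the OpenID login has succeeded server-side.
    """
    now = time.time() if now is None else now
    claims = {"sub": google_account_id, "exp": int(now) + TOKEN_TTL_SECONDS}
    body = _b64encode(json.dumps(claims, separators=(",", ":")).encode())
    sig = _b64encode(hmac.new(key, body.encode(), hashlib.sha256).digest())
    return body + "." + sig


def verify_token(token, now=None, key=SECRET_KEY):
    """Return the Google account id carried by a valid token, else raise InvalidToken."""
    now = time.time() if now is None else now
    try:
        body, sig = token.split(".")
    except ValueError:
        raise InvalidToken("malformed token")
    expected = hmac.new(key, body.encode(), hashlib.sha256).digest()
    # Constant-time comparison: a forger must not get a timing oracle on the MAC.
    if not hmac.compare_digest(expected, _b64decode(sig)):
        raise InvalidToken("bad signature")
    claims = json.loads(_b64decode(body))
    if claims["exp"] < now:
        raise InvalidToken("expired")
    return claims["sub"]


class HighScoreService:
    """Cross-reference table (Google account id -> in-game id) plus best scores."""

    def __init__(self):
        self.account_to_game_id = {}  # filled during account setup
        self.high_scores = {}         # in-game id -> best score so far

    def register(self, google_account_id, in_game_id):
        self.account_to_game_id[google_account_id] = in_game_id

    def submit_score(self, token, score, now=None):
        """Validate the token, look up the in-game id, keep the higher score.

        The identity comes only from the verified token; the request body never
        names a user, so one player cannot save a score under another's account.
        Returns (in_game_id, stored_high_score).
        """
        account_id = verify_token(token, now=now)
        game_id = self.account_to_game_id.get(account_id)
        if game_id is None:
            raise LookupError("no in-game id for this account; run account setup first")
        best = max(self.high_scores.get(game_id, 0), int(score))
        self.high_scores[game_id] = best
        return game_id, best


if __name__ == "__main__":
    # Two players share one device: each logs in, plays, and saves under own id.
    svc = HighScoreService()
    svc.register("google-acct-111", "alice")   # constructed ids
    svc.register("google-acct-222", "bob")
    print(svc.submit_score(issue_token("google-acct-111"), 500))
    print(svc.submit_score(issue_token("google-acct-222"), 300))
```

Two points of the design are visible here: the logout/hand-over scenario needs no server state beyond the token, since each request carries its own signed identity, and a user who signed in with Google but never completed account setup gets a `LookupError` rather than a silently created in-game id.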
You might find the 2011 Android + App Engine IO talk helpful.
I would look at Google's OpenID instead of OAuth. OpenID is the protocol for a federated login. See Google's information on OpenID.