Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Migrate users from Google App Engine to Google OpenID

I migrated away from Google App Engine several months ago. But I am still relying on it for authentication, because my users are identified by their user_id attribute on GAE.

For this purpose my (now external) applications redirect the user to a Google App Engine application using a encrypted, signed and timestamped login request. The GAE application then performs the login using GAE's "Users" service. After successfully being logged-in on GAE, the user is again redirected using a encrypted, signed and timestamped response to my external application. The rudimentary implementation can be found here and here. As you can see, this is very basic and relies on heavy crypto that leads to bad performance.

My external applications, in this case Django applications, are storing the user_id inside the password field of the user table. Besides the user_id, I only get the email address from GAE to store username and email in Django.

Now I would like to remove the dependency on the GAE service. The first approach which comes to mind would probably be to send an email to each user requesting him to set a new password and then perform my own authentication using Django.

I would prefer a solution which relies on Google's OpenID service so that there is actually no difference for the user. This is also preferred, because I need to send the user to Google anyway to get AuthSub tokens for the Google Calendar API.

The problem is that I couldn't find a way to get the GAE user_id attribute of a given Google Account without using GAE. OpenID and all the other authentication protocols use different identifiers.

So now the question is: Does Google provide any API I could use for this purpose which I haven't seen yet? Are there any other possible solutions or ideas on how to migrate the user accounts?

Thanks in advance!

like image 709
mback2k Avatar asked Apr 04 '12 07:04

mback2k


Video Answer


3 Answers

The best way to do this is to show users a 'migration' interstital, which redirects them to the Google OpenID provider and prompts them to sign in there. Once they're signed in at both locations, you can match the two accounts, and let them log in over OpenID in future.

like image 189
Nick Johnson Avatar answered Nov 15 '22 10:11

Nick Johnson


AFAIK, the only common identifier between Google Accounts and Google OpenID is the email.

  1. Get email when user logs into Google Account via your current gae setup. Use User.email(). Save this email along with the user data.

  2. When you have emails of all (most) users, switch to Google OpenID. When user logs in, get the email address and find this user in the database.

like image 38
Peter Knego Avatar answered Nov 15 '22 09:11

Peter Knego


Why don't you try a hybrid approach:

  1. Switch to OpenId
  2. If your application already knows the userId, you are done
  3. If not ask the user, if he has an account to migrate
  4. If yes, log him in with the old mechansim and ttransfer the acount
  5. If not create a new account
like image 38
Ruediger Jungbeck Avatar answered Nov 15 '22 11:11

Ruediger Jungbeck