forked from GoogleChrome/webstore-docs
{{+bindTo:partials.standard_store_article}}
<h1>Identifying the User</h1>
<p>
This page tells you how to get the Google Account identity of a user,
using Google's OpenID endpoint.
You need this identity if you support Chrome Web Store Payments,
because payment information is tied to the user's Google Account.
</p>
<p>
Even if you don't use Chrome Web Store Payments,
consider using Google Accounts
if your app needs a login system.
Google Accounts can help you provide a better user experience,
since users of the Chrome Web Store are likely to be logged in already,
and they won't have to set up and remember yet another username and password.
</p>
<h2 id="when">When to support Google Accounts</h2>
<p>
The following table summarizes when you should
support Google Account logins using OpenID.
</p>
<table>
<tbody>
<tr>
<th> App cost </th>
<th> Payment plan/system </th>
<th> Support for Google Accounts (using OpenID) </th>
</tr>
<tr>
<td> Paid </td>
<td> Chrome Web Store Payment System </td>
<td> <b>Required</b> <br />
The Licensing API relies on
Google Account user IDs. </td>
</tr>
<tr>
<td> Paid </td>
<td> Custom payment solution </td>
<td> <b>Recommended</b> <br />
Users from the Chrome Web Store
will have a better experience if you support the Google Account
that they're already logged into. </td>
</tr>
<tr>
<td> Free </td>
<td> You <b>might charge</b> for the app in the future </td>
<td> <b>Recommended</b> <br />
Supporting Google Accounts might make adding payments simpler. </td>
</tr>
<tr>
<td> Free </td>
<td> <b>No plans to charge</b> for the app in the future </td>
<td> <b>Optional</b> <br />
If you want to identify individual users,
Google Accounts are a reasonable way to do so. </td>
</tr>
</tbody>
</table>
<p class="backtotop"><a href="#top">Back to top</a></p>
<h2 id="how">How to use OpenID with Google Accounts</h2>
<p>
To get the user's OpenID URL,
you query Google's OpenID service.
If the user isn't already logged in,
the user will be prompted to sign in
with a Google-provided login page or popup.
</p>
<p class="note">
<b>Note</b>:
The OpenID URL is unique for a specific Google Account
<em>and a specific app</em>.
If you publish multiple apps,
the same user will have a different OpenID URL for each app.
</p>
<p>
Here's what the login page looks like.
Note that it has a Google URL,
not a URL from the app's site:
</p>
<p>
<img src="images/openIdSignIn.png"
width="644" height="368" />
</p>
<p>
If you're writing a hosted app
with Google App Engine,
supporting Google Accounts is easy.
You just use the default
Google Accounts API authentication
and the Users service.
For details, see the user authentication docs
(for <a href="https://developers.google.com/appengine/docs/java/users/overview">Java</a> or
<a href="https://developers.google.com/appengine/docs/python/users/overview">Python</a>).
Here's an example
(taken from the
<a href="get_started.html">Licensing API</a> tutorial's
<a href="http://src.chromium.org/viewvc/chrome/trunk/src/chrome/common/extensions/docs/examples/apps/hello-java/HelloLicenseServlet.java" target="_blank">HelloLicenseServlet.java</a> file)
of the code you use
to get the current user's OpenID URL
if you're implementing a Java app with
Google App Engine:
</p>
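<pre>
import com.google.appengine.api.users.User;
import com.google.appengine.api.users.UserService;
import com.google.appengine.api.users.UserServiceFactory;

UserService userService = UserServiceFactory.getUserService();
if (userService.isUserLoggedIn()) {
  User user = userService.getCurrentUser();
  <em>/* ...Do something with</em> <b>user.getFederatedIdentity()</b><em>, which is the OpenID URL. */</em>
}
</pre>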
<p>
If you aren't using Google App Engine,
you can get the Google OpenID endpoint
by sending a request to
<code>https://www.google.com/accounts/o8/id</code>.
See <a href="https://developers.google.com/accounts/docs/OpenID">Federated Login for Google Account Users</a>
for details.
</p>
<p class="backtotop"><a href="#top">Back to top</a></p>
<h2 id="realm">How to skip the OpenID approval screen</h2>
<p>
<img src="images/approval.png"
width="300" height="" align="right"
style="margin-left:0.5em; border:solid 1px"
alt="the Google Accounts approval page" />
Normally, the first time your app uses the Google OpenID endpoint
to authenticate a particular user,
the user must approve your access
to their account.
To the right, you can see a typical OpenID approval screen.
</p>
<p>
Your users will have a better experience
if they never see the approval screen.
The screen is skipped if <strong>both</strong> of the following are true:
</p>
<dl>
<dt> Your app requests only the OpenID URL </dt>
<dd> If your app requests something else—the
user's email address, for example—the
approval screen is shown. </dd>
<dt> You specify your app's OpenID realm in the Edit page </dt>
<dd> Here's how:
<ol>
<li> In the <a href="{{ dashboardurl }}">Chrome Developer Dashboard</a>,
go to the Edit page for your app. </li>
<li> In the <b>OpenID</b> section,
select the checkbox. </li>
<li> In the text field that appears,
enter the realm that your app will use to
query Google's OpenID service. <br />
This must be exactly the same as the value of
the <code>openid.realm</code> field in your authentication requests. </li>
<li> Save your changes. <br />
They'll take effect the next time you publish your app. </li>
</ol>
</dd>
</dl>
<p>
If your app's code doesn't specify the value of
the <code>openid.realm</code> parameter,
look at your OpenID library
to see how it sets that value.
For details on how <code>openid.realm</code> is used, see
<a href="https://developers.google.com/accounts/docs/OpenID#Parameters">Request parameters</a> in the Google OpenID documentation.
</p>
<p class="backtotop"><a href="#top">Back to top</a></p>
<h2 id="resources">OpenID resources</h2>
<p>
You should use an existing OpenID library rather than implement your own.
In addition to Google App Engine's Users service,
you can find OpenID libraries in a number of languages.
Here are a few libraries we've used:
</p>
<ul>
<li> Java:
<a href="http://code.google.com/p/openid4java/">OpenID4Java</a>
</li>
<li> Python:
<a href="http://code.google.com/p/google-app-engine-django-openid/">GAE Django OpenID</a>
</li>
<li> PHP:
<a href="http://gitorious.org/lightopenid">LightOpenID</a>
</li>
<li> Ruby:
<a href="http://rubyforge.org/projects/ruby-openid/">ruby-openid</a> and
<a href="http://github.com/josh/rack-openid">rack-openid</a>,
used together
</li>
</ul>
<p>
You can find more libraries at Janrain's
<a href="http://www.janrain.com/openid-enabled">OpenID Enabled</a>,
and a full list at the
<a href="http://openid.net/developers/libraries/">OpenID Foundation</a>.
</p>
<p>
The following pages have detailed explanations of how to
use OpenID with Google Accounts:
</p>
<ul>
<li> <a href="authentication.html">Supporting Federated Login with Google Accounts for Chrome Web Store Apps</a> </li>
<li> <a href="https://developers.google.com/accounts/docs/OpenID">Federated Login for Google Account Users</a> </li>
<li> <a href="https://developers.google.com/appengine/articles/openid">Using Federated Authentication via OpenID in Google App Engine</a> </li>
</ul>
<p class="backtotop"><a href="#top">Back to top</a></p>
<h2 id="next">What next?</h2>
<p>
If you're using the Licensing API,
your next stop is
<a href="check_for_payment.html">Checking for Payment</a>.
Otherwise, go on to
<a href="images.html">Supplying Images</a>.
</p>
{{/partials.standard_store_article}}