Getting an authoritative user id / email in GAE federated login

Question

When performing authentication using the OpenID federated login on GAE, my user object has the following properties:

Nickname: http://wordfaire.com/openid?id=103539105724544727060
email: sudhir.j@wordfaire.com

From the docs,

email()

Returns the email address of the user. If you use OpenID, you should not rely on this email address to be correct. Applications should use nickname for displayable names.

Obviously, this advice isn't working out very well. So how then can I get an authoritative email handle to associate with a particular OpenID provided by any Google Apps or other domain? I really need the email ID because things like invitations and sharing / access control all function via email ids.

Answer 1

If you need a valid email for OpenID users, ask the user to supply one the first time they log in, and store it yourself along with their user object.

Since anyone can create an OpenID provider, it's not safe to assume that the provider has already gathered a valid address.