Question

I am updating my app to OAuth2 and have a few questions.

Email address is the user id in our application.

  • As explained in the old docs for openid association with the user id in our app, we were showing a popup storing the open_social_id in the database and creating a temp session key. After the user was successfully associated, we were adding the open_social_id next to the user id looking at the temp session key. This was/is working fine. https://developers.google.com/google-apps/marketplace/best_practices#gadget_sso

But with OAuth2, since we get the email address (from the Contacts scope of the current user who is logged in), I am trying to figure out how to authenticate this at my server. Should I accompany the email address with open_social_id and rely on open_social_id every time in the future? Is this the right way?

Or should I add an OAuth2 proxy at my server to allow access with the right scope?

Thanks.


Solution

You don't have to change too much.

In the old setup, you displayed a popup that passed through OpenID to get the user's identity and e-mail address.

In the new setup, you show a popup that does an OAuth2 dance to get the user's identity and e-mail address.

Because the scopes are pre-authorized, the end user will not see the consent screen and from an end user's perspective, nothing really changes.
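The popup association flow discussed above, sketched server-side as an added example that is not part of the original question or answer: the temp session key doubles as the OAuth2 `state` value, and the identity is taken from the server's own token exchange rather than from anything the browser posts. The `exchange_code` callable, its return keys, and the in-memory stores are assumptions made for illustration.

```python
import hmac
import secrets

# Constructed in-memory stores standing in for the app's database (assumption).
PENDING = {}       # temp session key -> identity learned in the popup
ASSOCIATIONS = {}  # app user id (e-mail) -> provider account id

def start_popup():
    """Create the temp session key; the same value is sent as the OAuth2 `state`."""
    temp_key = secrets.token_urlsafe(32)
    PENDING[temp_key] = None
    return temp_key

def finish_popup(cookie_key, state, code, exchange_code):
    """Redirect handler: accept the response only for the session that started it.

    exchange_code is a hypothetical callable doing the server-side token exchange
    and returning {"id": ..., "email": ..., "email_verified": ...}.
    """
    same = hmac.compare_digest(cookie_key.encode(), state.encode())
    if not same or state not in PENDING:
        raise PermissionError("state does not match the temp session key")
    identity = exchange_code(code)  # identity comes from the provider, not the browser
    if not identity.get("email_verified"):
        raise PermissionError("provider has not verified this e-mail address")
    PENDING[state] = (identity["id"], identity["email"].lower())

def associate(temp_key, app_user_id):
    """Once the user is signed in to the app, store the provider id next to the user id."""
    entry = PENDING.pop(temp_key, None)  # single use: a replayed key finds nothing
    if entry is None:
        raise PermissionError("unknown, unfinished or already used session key")
    provider_id, email = entry
    if email != app_user_id.lower():
        raise PermissionError("provider e-mail differs from the app user id")
    ASSOCIATIONS[app_user_id.lower()] = provider_id
    return provider_id
```
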

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow