Geek Answers Handbook

Google application apps talk to each other

Iโ€™m looking for a way in which two Google Apps applications can talk to each other and exchange data with each other. I have the following script:

  • Application. A user registers a user by logging in to Google Apps.
  • Appendix B logs user in using Google Apps login
  • then these applications should communicate directly with each other (server-server) using some APIs

Question: how do these applications verify that another is registered with the same user on Google? I would suggest something like: - Application A receives a โ€œtokenโ€ from Google and sends it to application B - Application B checks that this token is valid for the same Google account as when logging in using

Is there any way to do this through Google Federated Login? I am talking about Hybrid Protocol here.

+4
source share
2 answers

Here is an easy way to do this:

  • You save everything related to the Google user ID for both applications.
  • You share data using HTTP requests containing the user ID.
  • To prevent leakage of user IDs (prohibited by the API of the account) and to check whether the messages really come from another application, you encrypt requests using a symmetric cipher like AES or Blowfish, or as you like. Both applications have the same key.

You can use public key cryptography. Having only two applications, in my opinion it is not worth it. If you are starting to have more applications, a public key makes sense.

Precise printing: encryption does not guarantee integrity or origin without additional measures. You need to take precautions against playback, for example by including a time stamp or serial number. You need to take precautions against counterfeiting, for example. with a checksum. Be sure to use CBC and good initialization vectors. Keep the key secret.

+1
source

user.user_id() always the same in all applications for the same user. That way you can simply compare the values โ€‹โ€‹returned by user.user_id() . Is this what you are looking for?

Note. Each user has the same user ID for all App Engine applications. If your application uses the user ID in public data, for example, by including it in the URL parameter, you should use a hash algorithm with the addition of a "salt" to hide the identifier. Identifying raw identifiers may allow someone to associate activity in one application with another, or get the user's email address, forcing the user to sign into another application.

From the documents

+1
source

More articles:


All Articles