Re: AuthSub user identification in a mashup? - Jeff S - com.googlegroups.google-base-data-api

3 messages in com.googlegroups.google-base-data-apiRe: AuthSub user identification in a ...

From	Sent On	Attachments
xailor	21 May 2007 16:07
xailor	22 May 2007 09:45
Jeff S	23 May 2007 18:06

Subject:	Re: AuthSub user identification in a mashup?
From:	Jeff S (j....@google.com)
Date:	05/23/2007 06:06:13 PM
List:	com.googlegroups.google-base-data-api

Hi xailor,

I see that you've shied away from using AuthSub tokens as a permanent user tracking solution and I think this is a wise decision. Even if you have a multi-use session token, a user can revoke this token and request a new one. I think you might have to use some mechanism other than the AuthSub token to identify returning users. This can often be problematic, IP tracking, cookies, and other passive mechanisms can give incorrect results, in the end it might be easiest to have users sign in with credentials just for your site, you might also want to look at OpenID. I can't really make a recommendation, I'm just throwing out some ideas.

Happy coding,

Jeff

On May 21, 4:07 pm, xailor <jsje...@gmail.com> wrote:

I'm making a site where I will be employing Base and as well AuthSub. I will be putting most data into Base, but some local data will still exist, as such I need to track users between sessions so they can access their local data again.

I do however need SOME consistent identifier for the authsub authenticated user, but how do I get this? I don't need a username or a password, just a hash or some other unique identifier for that user. The Tokens (and rightfully so) are generated on the fly and don't provide any consistent reference to my site's user.

Has anyone been able to obtain some consistent user reference/ identifier from Google's AuthSub?