Wednesday, November 14, 2007 8:51 AM
There have been a few question recently about the best ways to authenticate users given GME's restriction on only allowing authenticated users to write data to the datastore feeds. I wanted to give some background on the decisions we made a provide a mini tutorial on how to handle authentication.
When developing GME we wanted to make sure we weren't contributing to the spam issues in applications. The best to do that was to prevent users who were not logged in from adding data to the datastore. To do this we created a set of controls for creating, editing and deleting data that would only be shown when the user is logged in. To make it easy for developers to specify when a user should be logged in we added a simple authenticate attribute to the gm:page tag.
There are times when you want the edit controls to be displayed for logged in users but not require everyone accessing your application to have to sign in. To do this we created a simple javascript function that you can use to send users to the sign in page.
<gm:page title="Demo - Defer authentication" authenticate="false" onload="init()">
<script>
function init() {
if (google.mashups.isUserAuthenticated()) {
document.getElementById('signInLink').style.display = 'none';
} else {
document.getElementById('signInLink').href = google.mashups.properties['loginURL'];
}
}
</script>
<div class="gm-app-header">
<h2>Displaying the login screen when a link is clicked</h2>
</div>
<gm:list data="${app}/test" template="simple"/>
<a id="signInLink" href="#" onclick="">Sign in to add entries</a>
</gm:page>
Check a working sample of this application in our demo gallery or access it here. If you have feedback on the Google Mashup Editor let us know about it in our developer forum.
