Breaking out of your domain

One of my first toy apps written for App Engine was a URL Shortlinker (see http://aef.appspot.com/ ). While Short Links are certainly not a very complex problem, an interesting aspect of the app was what I described as namespacing: by binding the same app to several domains, users could create their own segment in the datastore and create their own, personalized short links.

While this approach worked pretty well from the beginning of App Engine's release, there was always the problem of login: while a domain user of Google Apps was able to connect to the app, he could not use Google Apps account to log in. Only regular Google accounts could be used, which limited the usefulness of my approach severely.

A few days ago, that limitation disappeared (well, at least for new apps, since I am not going to put any effort into this old short linker): According to the Google Blog, it is now possible to use Google Apps together with OpenID. This means, Google Apps credentials can become an additional source of identity that can be mixed and matched with regular accounts, yahoo and many other sources (see http://dyuproject.appspot.com/openid for an example of the variety, and http://code.google.com/p/dyuproject/ for the code behind the app). By breaking out of the restriction to a single auth domain, developers can open up their projects to an even greater audience. For example, if you are developing a shopping cart, you can restrict login to the domain of the vendor for the store backend, but have anyone with an openid account log into the frontend to check out and purchase items.

I'm looking forward to hearing from app engine developers who have successfully leveraged this new feature. If you know of any, please post a comment to this blog.