14 Jan 2017
We can authenticate user using an access token. Calling OAuth Google API to get the email from an access token is not difficult. There are a myriad of options here.
The tricky part is how to make
google.appengine.api.users.get_current_user().email() return the email authenticated with OAuth.
After looking at the code, we simply can override the env
email() will return that email.
But I can't find a way to make
google.appengine.api.users.is_current_user_admin() return correct value. We could probably call an API to see if the email is an admin and override
USER_IS_ADMIN. But that's a bit too much work.