SSO, using Google Apps user database

I have found loads of resources on how to implement SSO from Google Apps, in other words using a third party user database to authenticate users when logging into Google Apps.

I want to do it the other way around; we are making a web application for internal use, and we already have a functioning deployment of Google Apps we are quite satisfied with. I want to manage my users from Google Ap开发者_开发百科ps, and I want the users to log in using their Google Apps credentials.

It would be quite possible to take their credentials, then automatically attempt to log in on Google's servers using the credentials provided, but that's not exactly an ideal solution.

Any suggestions?

Have a look at the ClientLogin API, in the Provisioning API section (code.google.com / Google Apps / Management API's / Provisioning )

It allows you to authenticate users given their username and password.

Note that OpenID is a MUCH better way of doing this, and nothing in your post explains why this would not be a better choice.

Problems with ClientLogin:

• Google will dislike you (they want people using OAuth etc.)
• you will get occasional 403 and CAPTCHA errors
• there is no SSO here, unlike with OpenID

That last point is actually important - managing the login yourself sounds like a good idea BUT is not the preferred option for most users...