Grant GAE-app access to a Google API with google-api-python-client

Question

I'm developing a Google App Engine-app where one can fill out an online-form and based on how you fill it out a calendar post in a specific Google Calendar is created. What I'm wondering about is authorization in this type of situation where I want this form to be 100% publicly available and require no login whatsover to create the calendar post.

Using OAuth2 I have gotten the actual form and post-creation to work as I want but only when I'm signed in.

This is what I'm doing now, I have:

• One registered app, let's call it form-app(.appspot.com)
• One Google account, let's call it form-app-admin(@gmail.com) This account owns the Google Calendar that the posts are going in.
• One API Project owned by form-app-admin

I have used these and the google-api-python-client library (with its oauth2decorator) as in the Google App Engine-example so when I'm logged in as form-app-admin and surf onto form-app.appspot.com everything works exactly as I want it to but if I am not logged in as form-app-admin, naturally, it doesn't.

So what I would like to do is to kind of grant this permission to write to form-app-admin's primary calendar to the actual app rather than the user currently using the app. Or is there a better way? The only premises is that anyone (logged into gmail or not) should be able to fill out the form and thus creating a post in some google calendar.

Naturally I would be very thankful if anyone happened to have the appropriate python code to achieve this but primarily I want help figuring out how to go about this since I have very little experience with auth-related stuff.

Thank you for your time! /Tottish

Answer 1

What you want is the App Identity API. That page shows examples of how to use the API to assert identity to Google APIs.