I'm using AppAssertionCredentials on my python GAE app, to authenticate as a service account. However this is a generic service account, I don't see how to authorize it to impersonate user accounts in my Google Apps Domain.
This was possible with the JWT credentials way (see this video: http://www.youtube.com/watch?v=iK14bfd6qhs) but JWT doesn't work on appengine.
any suggestions?
SignedJwtAssertionCredentials can be used on App Engine, just be sure to turn on PyCrypto 2.6, and convert the PKCS12 key file into a PEM file:
$ openssl pkcs12 -in xxxxx.p12 -nodes -nocerts > privatekey.pem