The Google Apps Marketplace lets you configure a Universal Navigation link for logged-in Apps users to click to load your web application. Since the user will be logged in to their Google Apps account when they click on that link, I'm wondering is there a good way to quickly authenticate them when they click on that link and hit a web application server endpoint?
I suppose it would be possible to just forward them on to a Google authentication page with a callback redirect_uri for when the authentication is complete, but it seems like that would require an extra step with the redirect, wouldn't it?
I know that you can send some parameters like ${DOMAIN_NAME} in the Universal Navigation link, but is there any other information I can send with that URL? I couldn't find any kind of documentation for this.
OK, so what I've figured out is that even though when clicking the Universal Navigation link, the user is coming from Gmail and is already authenticated, the only way to complete the authentication in your app and to receive an access token is to perform a standard OAuth 2.0 redirect with the required scopes and redirectUri. If the user is already logged in, your application's redirect to the Google OAuth 2.0 endpoint will in turn be redirected back to your application, along with a code which can be used to retrieve an access token.
At that point, one can use the People API's GET endpoint to retrieve the current user by passing "me" for the user id.