I was able to set up my GAE application to only allow users from our Google Domain, but I want to take this a step further. All of our users are placed into specific Google Groups based on their roles within the community. For example, Contributors would have a group called "contributors" and Users would have a group called "users", and some of these users would also be in the "contributors" group.
Is there a way to restrict who can use the application based on what Google Group they are in? Like if I only wanted people in the "contributors" group within my Domain to be able to access it? I was hoping there was a way to do this in the Admin Console within my Domain.
If not, can I query the Groups API to get a list of groups the user is in, and then use that to determine whether they can log in or to determine what content or pages they are served?
Google App Engine does not provide a built-in way to restrict who can use the application base on Google Groups Membership. You will need to handle the authorization bit on your application using the Directory API