Well django 1.0 was updated today on Google AppEngine. But you can make user authentication like anything else you just can't really use sessions because it is so massive.
There is a session utility in http://gaeutilities.appspot.com/
http://gaeutilities.appspot.com/session
http://code.google.com/p/gaeutilities/
Or,
You have to create your own user tables and hash or encrypt passwords, then probably create a token system that mimics session with just a token hash or uuid cookie (sessions are just cookies anyways).
I have implemented a few with just basic google.webapp request and response headers. I typically use uuids for primary keys as the user id, then encrypt the user password and have their email for resets.
If you want to authorize users for external access to data you could look at OAuth for application access.
If you just want to store data by an id and it is more consumer facing, maybe just use openid like stackoverflow and then attach profile data to that identifier like django profiles (http://code.google.com/p/openid-selector/).
django 1.0 just came out today on GAE but I think the same problems exist, no sessions, you have to really create your own that store session data.