I'm trying to understand the correct sequence of steps followed by Gmail when loading and authenticating a contextual gadget. One of the reasons (there are others) is that I want to know whether I can make the gadget manifest behind an OpenID authentication so that only authenticated users will be able to pull the gadget into Gmail.
I haven't seen any documentation on this anywhere. Here's how I think it works (where mysite.com is an OpenID relying party):
User: clicks on a mail in Gmail inbox
Gmail: Load email. Retrieve gadget manifest from mysite.com/gadgets/gadget.xml
MySite: You need to be authenticated to access gadgets/gadget.xml
Gmail: Here's the user's OpenID
MySite: Here's gadgets/gadget.xml
Gmail: "paints" the gadget contents on the context area of the email
Please correct me if this is wrong.