We're writing a Desktop application that relies on Google Appengine to authenticate the user and retrieve and store data associated to it. The way we'd like to authenticate the user is that on launching the application the browser is launched at the login url for our application. Then the user logins there, and then the application makes restful calls without any OAUTH object, but re-using the browser session. I'm questioned that this won't work, since we cannot so transparently use the browser session. Is that correct? Any alternatives beside authenticating from within the app using the ClientLoginApi?
I'm aware of: http://stackoverflow.com/questions/101742/how-do-you-access-an-authenticated-google-app-engine-service-from-a-non-web-pyt