@jbolda
Created October 4, 2014 21:51
from datetime import datetime

from flask import flash, g, redirect, render_template, url_for
from flask_login import login_user

# app, authomatic (a FlaskAuthomatic instance), db, requires_ssl, User,
# ROLE_USER, ROLE_SUPERADMIN and PRESET_ADMINS come from the rest of the
# application and are not part of this gist.


@app.route('/login/<provider_name>', methods=['GET', 'POST'])
@authomatic.login('g')   # 'g' is the provider key from the Authomatic config;
                         # the provider_name URL parameter is not used here
@requires_ssl
def login(provider_name):
    if g.user is not None and g.user.is_authenticated():
        return redirect(url_for('index'))
    if authomatic.result:
        if authomatic.result.error:
            return 'Something went wrong: {0}'.format(authomatic.result.error.message)
        if authomatic.result.user:
            # Some providers return only a partial profile; fetch the rest so
            # that name and id are populated before the lookup below.
            if not (authomatic.result.user.name and authomatic.result.user.id):
                authomatic.result.user.update()
                # while update_response.status/100 not in [4, 5]:
                #     update_response = authomatic.result.user.update()
                # if update_response.status/100 in [4, 5]:
                #     return 'Response status: {}'.format(authomatic.response.status)
            # Local accounts are looked up by the e-mail the provider reports.
            user = User.query.filter_by(email=authomatic.result.user.email).first()
            if user is None:
                nickname = authomatic.result.user.name
                if nickname is None or nickname == "":
                    nickname = authomatic.result.user.email.split('@')[0]
                nickname = User.make_valid_nickname(nickname)
                nickname = User.make_unique_nickname(nickname)
                role = ROLE_USER
                if authomatic.result.user.email in PRESET_ADMINS:
                    role = ROLE_SUPERADMIN
                user = User(nickname=nickname,  # the validated, unique nickname
                            email=authomatic.result.user.email,
                            about_me=authomatic.result.user.id,  # provider id stashed here for inspection
                            role=role,
                            join=datetime.utcnow(),
                            last_seen=datetime.utcnow())
                db.session.add(user)
                db.session.commit()
            g.user = user
            login_user(g.user, remember=True)
            flash('You are now logged in!')
            return render_template('result.html', result=authomatic.result)
    return authomatic.response
jbolda commented Oct 7, 2014

Yeah, I am not hell-bent on the security of just checking the email. I plan to eventually implement Twitter/Facebook (Facebook, bleh, but everyone uses it) and I wanted to keep things simple, at least initially. Do you know if the result.user.id is something that is confidential/private? I can't find that information anywhere. I was just sticking it in the about_me so I could see what the value was. Perhaps @peterhudec can comment?

@spinningD20

Just came back to this while looking around to see why result.user.id was coming up None from a new machine. It was coming up as a unique id for each user from google at least, but I'm not sure how private/secure that id is. I just saw it as a unique identifier for each google account and went with that instead of the email, but not consciously.

On the matter of security, due to the method that is used with the authentication, I think it would be difficult to get in the middle of or inject anything as long as you're using SSL; it would likely be easier to pretend to be Google than to attempt to exploit the Flask app's route at that point.

So at that point in the authentication process, checking against email would be just fine, and probably makes more sense than the Google id for account lookup. The uses of the Google id in the authentication process are probably few.
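The account-lookup question raised in these comments (email vs. the provider's user id), worked through as an added example; this is not code from the gist or from either commenter. It keys the local account on the provider's stable id, uses the e-mail only to link a first login to an existing local account, and refuses the two cases the thread touches on: an id that is still None after the profile fetch, and a different id from the same provider claiming an e-mail that is already linked. The `ProviderUser` dataclass is an assumed stand-in for `authomatic.result.user`, `UserStore` replaces the SQLAlchemy `User.query`, and `unique_nickname` is an assumed version of the gist's `make_valid_nickname`/`make_unique_nickname`; `ROLE_USER`, `ROLE_SUPERADMIN` and `preset_admins` mirror the names used in the gist.

```python
# Added example (not the gist author's code): account lookup keyed on the
# identity provider's stable user id, with e-mail used only to link a
# first-time login to an existing local account. The Authomatic result and
# the SQLAlchemy User model are replaced by in-memory stand-ins so this runs
# offline; ROLE_USER / ROLE_SUPERADMIN / preset_admins mirror the gist.
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

ROLE_USER = "user"
ROLE_SUPERADMIN = "superadmin"


@dataclass
class ProviderUser:
    """Assumed shape of what the route sees on authomatic.result.user."""
    provider: str        # e.g. "google"
    id: Optional[str]    # provider-assigned id; None until the profile is fetched
    email: Optional[str]
    name: Optional[str]


@dataclass
class LocalUser:
    nickname: str
    email: str
    role: str
    # provider name -> provider user id; one local account may link several
    identities: Dict[str, str] = field(default_factory=dict)


class UserStore:
    """In-memory stand-in for User.query in the gist."""

    def __init__(self) -> None:
        self.users: List[LocalUser] = []

    def by_identity(self, provider: str, provider_id: str) -> Optional[LocalUser]:
        return next((u for u in self.users
                     if u.identities.get(provider) == provider_id), None)

    def by_email(self, email: str) -> Optional[LocalUser]:
        return next((u for u in self.users if u.email == email), None)

    def unique_nickname(self, base: str) -> str:
        """Assumed equivalent of make_valid_nickname + make_unique_nickname."""
        base = re.sub(r"[^A-Za-z0-9_]", "", base) or "user"
        taken = {u.nickname for u in self.users}
        nickname, n = base, 2
        while nickname in taken:
            nickname, n = f"{base}{n}", n + 1
        return nickname


def resolve_user(store: UserStore, pu: ProviderUser,
                 preset_admins=frozenset()) -> Tuple[Optional[LocalUser], str]:
    """Find, link or create the local account for a provider login.

    Returns (user, outcome); outcome is one of
    "matched_id", "linked_email", "created", "rejected".
    """
    # The caller has already run authomatic.result.user.update(); if the id
    # is still missing, do not fall back to matching on e-mail alone.
    if not pu.id:
        return None, "rejected"

    user = store.by_identity(pu.provider, pu.id)
    if user is not None:
        return user, "matched_id"   # repeat login; e-mail may have changed since

    if not pu.email:
        return None, "rejected"     # nothing to link or build an account from

    user = store.by_email(pu.email)
    if user is not None:
        if pu.provider in user.identities:
            # Same provider, same e-mail, different id: refuse rather than
            # let one provider account take over another local account.
            return None, "rejected"
        user.identities[pu.provider] = pu.id   # first login via this provider
        return user, "linked_email"

    base = pu.name or pu.email.split("@")[0]
    role = ROLE_SUPERADMIN if pu.email in preset_admins else ROLE_USER
    user = LocalUser(nickname=store.unique_nickname(base), email=pu.email,
                     role=role, identities={pu.provider: pu.id})
    store.users.append(user)
    return user, "created"
```

The e-mail link step is only as safe as the provider's guarantee that the address belongs to the authenticated account; where a provider exposes a verified-address flag, check it before linking, and once the provider id is recorded, later logins no longer depend on the e-mail at all.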
