Authentication with App Engine, regardless of where you're doing it, is a three-stage process:
1. Obtain an authentication token. This can be done with ClientLogin for installed apps, for example, or with AuthSub for a web app. When logging in directly to an application, this is the part of the login process where your user sees a Google sign-in screen.
2. Take that authentication token, and use it to obtain an authentication cookie.
3. Use that authentication cookie in all subsequent requests.
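The three stages above, traced offline as an added example (not code from the original page). The `Auth=` response field, the `/_ah/login` path with its `auth` and `continue` parameters, and the `ACSID`/`SACSID` cookie names are not stated on this page; they reflect how ClientLogin and App Engine's login handler behaved. The host name and all sample values are constructed.

```python
from http.cookies import SimpleCookie
from urllib.parse import urlencode

# Constructed sample data; this example performs no network access.
SAMPLE_CLIENTLOGIN_BODY = (
    "SID=constructed-sid\nLSID=constructed-lsid\nAuth=constructed-auth-token\n"
)
SAMPLE_SET_COOKIE = "SACSID=constructed-cookie-value; path=/; secure; HttpOnly"


def parse_clientlogin_response(body):
    """Stage 1: pull the Auth token out of a ClientLogin key=value body."""
    fields = dict(line.split("=", 1) for line in body.splitlines() if "=" in line)
    if "Error" in fields:
        raise ValueError("ClientLogin failed: " + fields["Error"])
    if "Auth" not in fields:
        raise ValueError("ClientLogin response carried no Auth token")
    return fields["Auth"]


def build_cookie_exchange_url(app_host, token, continue_url):
    """Stage 2: URL that trades the token for a cookie.

    Always HTTPS: the token is a bearer credential, so it must not
    travel in a cleartext query string.
    """
    query = urlencode({"continue": continue_url, "auth": token})
    return "https://%s/_ah/login?%s" % (app_host, query)


def extract_auth_cookie(set_cookie_header):
    """Stage 2 result: find the auth cookie in a Set-Cookie header.

    SACSID is the HTTPS variant and is preferred; ACSID is the HTTP one.
    """
    jar = SimpleCookie()
    jar.load(set_cookie_header)
    for name in ("SACSID", "ACSID"):
        if name in jar:
            return name, jar[name].value
    raise ValueError("no ACSID/SACSID cookie in response")


def cookie_request_header(name, value):
    """Stage 3: header to attach to every subsequent request."""
    return {"Cookie": "%s=%s" % (name, value)}
```

Both the token and the cookie act as bearer credentials, so keep them out of logs and send them only over HTTPS.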