I can't manage to clear the cookies in my Google App Engine SDK on Mac OS. Basically, every time I need to upload an app which is related to a different user, I need to specify the --no_cookie flag and be redirected to an authentication page, which doesn't overwrite the existing cookie.
I have tried by clearing up the cookies in Chrome but it seems the cookies used by app engine are stored somewhere else.
It seems the only way is to delete the /Users/<username>/.appcfg_oauth2_tokens file.
Background
We have a large Ionic v1 app that runs on Android (by obtaining it from the Google Play Store) and also on our development machines via "ionic serve".
The app uses a Google App Engine (GAE) website as a backend server.
The server maintains sessions for each user by means of a cookie. We don't store much data in the session, but we need to securely identify the user making each request. When the app runs successfully, the GAE server code creates a cookie that contains the session ID and sends it to the Ionic client code when responding to each HTTP request.
Note that the Ionic code does not access the cookie in any way. It is only necessary that the same cookie be sent back to the GAE server with each subsequent request so that the GAE code recognizes the user.
The goal
We would like to serve the Ionic code by use of Firebase Hosting. We can in fact do so in both of two modes:
Keeping the Ionic code on our dev machine, running "firebase serve", and going to "localhost:5000" on the browser
Deploying the Ionic code to the Firebase host and going to "xxxx.firebaseapp.com" on the browser
Everything works! Uh, except for one little thing, which we've been trying to solve for weeks...
The problem
The cookie used by the GAE code to manage session continuity, and sent in responses to HTTP requests generated by the GAE code, does not come back in the next request from the Ionic app running on Firebase. So the GAE app always responds as though the user is not yet logged in.
In fact, further testing shows that the session cookie sent in responses to HTTP requests does not even get set in the browser (so of course it's not sent back to the GAE code with the next HTTP request). The GAE code on the backend server always responds as if this is the first HTTP request of a session.
What we've solved already
The problem is not the fact that Ionic does not support cookies. We know this is not the problem because the app runs fine as an Android app and also via "ionic serve". In both cases, the GAE backend is able to maintain sessions using a cookie to store the session ID from one request to the next.
The problem does not get solved by using "memcache" instead of cookies for GAE session support, because even if you use memcache, you still need the cookie for the session ID. If you wish, you can go with the default and let GAE session support use cookies; in that case, it will use the same cookie for both the session ID and any other session data.
The problem does not get solved by using "__session" as the name of the cookie. Firebase does in fact support using such a cookie name, but apparently only in the context of running Firebase Hosting with Cloud Functions. Cloud Functions are for running backend code, not client code that the user interacts with. We could see no way to make an Ionic app run as a Cloud Function. And without Cloud Functions, the "__session" cookie set by the GAE backend apparently gets stripped by the browser client running the app, along with all other cookies.
Adding "Access-Control-Allow-Origin/-Credentials/-Methods/-Headers" headers to the GAE-code generated response, and setting crossDomain: true xhrFields: { withCredentials: true } on the client side, does not improve the situation. Still, no cookie from the GAE code gets set on the browser.
Any help will be appreciated.
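Added example (not part of the original question, and not the asker's code): a small checker for the conditions a browser applies before it accepts and returns a cookie on a credentialed cross-site request like the one described above. The function names `parseSetCookie` and `diagnose` and all header values are constructed for illustration; `xxxx.firebaseapp.com` is the placeholder host from the question.

```javascript
// Checks a backend response against the rules browsers enforce for a
// cross-site XHR/fetch sent with withCredentials: true.
// All header values below are constructed sample data.

function parseSetCookie(value) {
  const [pair, ...attrs] = value.split(";").map((s) => s.trim());
  const flags = {};
  for (const a of attrs) {
    const [k, v = ""] = a.split("=");
    flags[k.toLowerCase()] = v.toLowerCase();
  }
  return { name: pair.split("=")[0], flags };
}

function diagnose(pageOrigin, headers) {
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = v;
  const problems = [];
  const acao = h["access-control-allow-origin"];
  // With credentials, the wildcard is rejected; the exact origin is required.
  if (acao === "*") problems.push("Allow-Origin is '*' on a credentialed request");
  else if (acao !== pageOrigin) problems.push("Allow-Origin does not match the page origin");
  if (h["access-control-allow-credentials"] !== "true")
    problems.push("Access-Control-Allow-Credentials is not 'true'");
  if (!h["set-cookie"]) return problems.concat("no Set-Cookie header");
  const { flags } = parseSetCookie(h["set-cookie"]);
  // Cookies without SameSite=None are not stored or sent cross-site.
  if (flags.samesite !== "none") problems.push("cookie lacks SameSite=None");
  if (!("secure" in flags)) problems.push("cookie lacks Secure (required with SameSite=None)");
  return problems;
}

const PAGE = "https://xxxx.firebaseapp.com"; // placeholder host from the question
const weak = {
  "Access-Control-Allow-Origin": "*",
  "Set-Cookie": "session=abc123; Path=/; HttpOnly",
};
const fixed = {
  "Access-Control-Allow-Origin": PAGE,
  "Access-Control-Allow-Credentials": "true",
  "Set-Cookie": "session=abc123; Path=/; HttpOnly; Secure; SameSite=None",
};
console.log(diagnose(PAGE, weak));  // four findings
console.log(diagnose(PAGE, fixed)); // no findings
```

A response that passes all of these checks is still dropped by a browser configured to block third-party cookies.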
I have an app in GAE and since ever the DataStore Admin link, on the left, gives me a blank page. I noticed this is a bug because when checking, recently, DataStore Admin link, for another app, it properly shows a web page.
Expected: After enabling Data store admin link, over in Applications Settings, to actually have Datastore Admin page working. I tried to contact Google but they request me to be a Silver account — this is clearly a bug. I can upload a video if needed.
I had this problem, and I fixed it by re-enabling third party cookies. You might try clearing cache and cookies and trying another browser as well.
Firstly, just letting you know I have searched a fair bit here and I am aware of some of the other questions on this topic but none answer my question.
The authentication of the Local GAE differs from the appspot deploy and I need it not to with minimal work-around code.
I'm writing an HTML5 app and I can do the google authentication via a button and it updates all the correct tokens so I can access the profile in either GAE Launched apps or appspot deployed ones.
I need the google account details of the logged in user within the app I am writing (for API calls to calendar and contacts for example), and I'd rather not have to write a login handler only for my local development platform - automated for simplicity or otherwise.
I've read that adding login:required forces a login, and on appspot this works perfectly. Locally it does nothing useful.
I've read that you can write a Python decorator to use #login_required - but I'm not writing in Python (It's php generating an HTML5 page). I could write a bit of a PHP wrapper to handle it, or automate a call in Javascript on page load - but this is the workaround I don't want to write because it's handled in the production environment for me.
I want the login:required option as everything is handled for me in production. I have googled the options for the login tag and nothing there suggests I can force a google login in the locally launched app. I have googled the launcher and settings, but nothing seems apparent.
I suppose I could live with the dev workaround, and the app could assume I'm authenticated and the JSON request handlers in my app would just use the login:required with the correct google tokens being passed once I am authenticated.
Do I have any other options?
This sounds like it could be a PHP runtime bug. login:required works fine on the python local dev server. Have you checked the issues page to see if it's been reported?
https://code.google.com/p/googleappengine/issues/list
Otherwise it's possible that it's bypassing the login on your dev server because you have some cookie in your browser indicating that you're already logged in. You might try clearing cookies.
Alternatively (at least on the python devserver), you can go to your login page via http://localhost:8000/_ah/login to force a logout (obviously fix the hostname and port number).
There appears to be no way round this other than to write the whole OAuth handler yourself (or get one elsewhere) - significant overkill for a development environment only 'issue'.
I have written the app to handle the getting of the google profile details as it starts and force an authenticate if they are not present.
This means that the login:required will work as expected in the production world and force you to authenticate to google before you even get to the application... then the app just gets the profile details because the tokens are already present.
login:required in the dev environment just puts up a screen which you just 'ok', then the app attempts to get the profile details but forces the authentication itself because there are no authentication tokens present.
It's unfortunate, but it's a single step in a development that users will not have to use, but it works.
We have added a custom domain to our appengine app. We followed the instructions when we made our changes, but apparently something went wrong and we can't find the way to fix it.
In our google apps appengine tab, the main URL specified is https://appid.appspot.com. That means, however, that all traffic from the domain mappings will be sent to the https url, and of course this won't work. I don't know how this https url ended up there as in the app engine admin console, the app url is http://appid.appspot.com.
We haven't found the way to change this url. We have tried to disable this app in google apps but it didn't work, it stays there.
In your app.yaml:
secure: optional
For more details:
http://code.google.com/appengine/docs/python/config/appconfig.html
Scroll to Secure URLs.
I am having a weird issue. I created an application on Google App Engine and have a Login with Facebook button on it, for which I am doing server side authentication.
I give the redirect_url, and facebook was calling the URL correctly with no issues. The session parameters that I set were being retrieved on the redirect call and everything was working fine.
Yesterday, I got a domain on godaddy and mapped it to my appspot account using google apps. Now when I click on Facebook login, I am getting two calls on the redirect uri: the first one carries the session variables and the second one doesn't. I am not very familiar with domain mapping and followed the steps on Google Apps.
Can anyone help me in the right direction on this.
It's a little out of date, but I documented some GAE to Facebook gotchas here:
http://javagwt.blogspot.com/2010/08/facebook-apps-on-app-engine-without-any.html
It may also help to read about naked domain mapping with godaddy, to make sure you're not getting bounced around. Even though you are mapped to your domain through google apps, you can try to put the redirect URL for facebook as yourappid.appspot.com - the redirect URL you provide, and the one in your facebook app settings must match.
My app, nimbits.com writes to facebook from GAE all of the time - the code is on github under server/facebook
https://github.com/bsautner/com.nimbits/tree/master/nimbits-tds/src/com/nimbits/server
Thanks for the answers bsautner and Michele. I finally figured out the issue. I have google ads on my website. The google ads was trying to parse the URL content and creating a second request for every request that I create. After removing the google ads, I get a single callback with session values retained. It all works now. The final output is this website - www.imagecrashers.com. I will be glad for any suggestions from the gurus here, regarding layout or api calls simplification. Thanks again to all.