When I try to open the google appengine datastore admin tool it redirects me to:
https://ah-builtin-python-bundle-dot-myapp.appspot.com/_ah/login_required?continue=https://ah-builtin-python-bundle-dot-myapp.appspot.com/_ah/datastore_admin%3Fapp_id%3Dmyappid
and gives me a 500 error.
According to this appengine bug report:
https://code.google.com/p/googleappengine/issues/detail?id=10150&q=%22datastore%20admin%22&colspec=ID%20Type%20Component%20Status%20Stars%20Summary%20Language%20Priority%20Owner%20Log
"This looks to be a problem because you are using non-default authentication scheme.
Are you using user service/Google Accounts API for authentication of users inside your application? If not, consider changing your authentication method.
If you are, then you'll need to setup a custom domain and access the datastore admin via:
https://ah-builtin-python-bundle-dot-
so that the correct authentication cookies can be used."
I'm using simpleauth for authentication and have a custom domain with an ssl certificate.
I would love to be able to backup my datastore data, it's a pretty big risk for my site if I can't!
Any ideas?
Must have been a problem on Googles end, because when I tried again a few months later it magically worked.
Related
I've logged into the Google Cloud Platform console today and I can no longer see or create any entities in GCP Datastore. I don't use this interface very regularly, but I'm sure that I used to be able to see a list of the entities in the datastore, and be able to manually edit them. Today I'm seeing no entities, and I get the following error message :
"Request had invalid authentication credentials. Expected OAuth 2 access token, login cookie or other valid authentication credential. See https://developers.google.com/identity/sign-in/web/devconsole-project."
The link seems to point me off to a page that talks about integrating Google Sign-in into my web application - that doesn;t seem relevant to me at the moment - I'm just trying to use the GCP console itself
Moving details from comments section to full answer
The correct URL to access Cloud Console is https://console.cloud.google.com and then you select Datastore from the drop down menu on the left
OP was using an old url - https://console.*developers*.google.com/
To Access any component in the GCP including datastore. You need to pass valid credential(key) or your pipeline should be processing using correct GCP credentials.
https://cloud.google.com/docs/authentication/getting-started
I'm new to web dev, and trying to build an application using google app engine's java standard environment, which will require user authentication. I'd like to provide authentication which requires only a username and password of the user, as opposed to a phone number or social account.
As I look through the options listed in app engine's auth tutorial, if I'm understanding them correctly, none of them allow login without a phone number or social account? https://cloud.google.com/appengine/docs/standard/java/oauth/
If so, are there alternatives available while still using app engine? I've read some about 'web container managed authentication' but I'm not sure if its something app engine will support, or if its a full solution.
Is it possible/feasible to roll fully custom authentication in the app engine standard environment? As I search for custom authentication tutorials I see a lot of articles recommending against this, but it's not clear to me what the alternative is.
Thanks for any information
As it's mention on the OpenID Connect documents of Google Cloud, it's important for you and your users security to authenticate using well proven and debugged code. Google offers Firebase Authentication which let's users log in with an Email and password.
If you still want to implement the authorize part on your own, you can use your preferred web framework and probably it will have an authorizing process.
For example, in python you can use Django authorize system to provide users for a custom way to log in.
But, as I said before, I highly recommend you to use the Google APIs for authorizing as they are OpenID certificated.
I've been using the remote API for google appengine for a couple years. Several months ago I updated to the Oauth2 authorization approach as documented here and everything has worked fine for months.
https://cloud.google.com/appengine/docs/java/tools/remoteapi
Today I ran into the following error
Exception in thread "main" com.google.appengine.repackaged.com.google.api.client.http.HttpResponseException: 401 Unauthorized
You must be logged in as an administrator, or access from an approved application.
I don't understand what changed or how to resolve it. I've made sure that I'm logged in with the correct account by using the following command.
gcloud auth login
Which successfully logs me in.
The account that I use to login, is a google apps account which I suspect is the problem. I think the integration of google apps accounts with appengine has changed based on this old, but seemingly related question.
https://code.google.com/p/googleappengine/issues/detail?id=1462
Any help would be appreciated. Thank you!
I had to use a #gmail.com account instead of my Google app account. It looks like changes are being made to google app accounts to move functionality into the Google cloud platform.
Although I have things working again, I would prefer to use my username and password associated with by app domain and it's not clear how to do that.
I had a myriad of problems, then switched from my Google Apps (Dasher) account to my #gmail account, and everything worked.
I suspect (but can't prove) that this is related to the turndown of ClientLogin on 12-Apr-2016.
I'm coding a Python - Google App Engine application. There are 2 important things this app must do:
Write in user's calendar.
Write in user's profile (working with users in a Google Apps domain)
First operation is easy. If I understood OAuth, this is the classical 3-legged scenario. The scenario for which OAuth was originally developed. The logged user provides credentials to the client (my app) to access the user's data (calendar) on his/her behalf. So, this can be done just with the logged user's credentials.
Second operation is not so easy. It can't be done with just the logged user's credentials. This is a 2-legged OAuth scenario. So, I need to delegate in a Google Apps domain admin's account to access the users's profiles using Google Profiles API (via google data library). So far, I hardcode admin user/password in a json file, and my app loads that file. But that sounds kind of dirty for me.
At the end, my app needs to handle the classical 3-legged OAuth scenario (no problem, just need the logged user's credentials) plus a 2-legged OAuth scenario (need administrator credentials).
Is there any official or more elegant way to handle both scenarios in Google App Engine, working with Google Apps domain, that hardcoding admin credentials?
Many thanks in advance
AFAIK there is no way to authorize a write operation to Google Contacts Data API using 2-legged OAuth.
Google's documentation specifies which APIs are accessible via 2-legged OAuth, but it seems that someone at Google's forgot to specify that some of them are read-only :-S
Some people had the same problem here and here.
I look forward someone at Google to fix this. Until then, harcoding admin-level credentials is the only option I know that it works. I don't like it at all: it's dirty but effective. If someone knows a more elegant zen-level way, please illuminate us!
I deployed a web application using Google accounts Authentication on the appengine server. If I log out the app with the link from create_logout_url(), my Gmail in the same browser is also logged out. Is that normal behavior? Thanks.
I think it is absolutely normal. My experience is the same as yours.
Many Google services use the same cookies I think, If you log into your Gmail, you can access Google Reader without logging in again.
It is for security purpose I think.