Login loop when adding a custom domain for appengine - google-app-engine

Chrome, regular App Engine app (not restricted to Google Apps domain).
In application management:
Open "Application Settings".
Click "Add Domain".
Input a domain into "Domain Name" and click "Add Domain".
Redirects to page with URL https://accounts.google.com/AccountChooser?service=CPanel&continue=https%3A%2F%2Fadmin.google.com%2F###MY_DOMAIN###%2FAddAppEngineService%3FappId%3D###MY_APP_ID###&hl=en
where ###MY_DOMAIN### and ###MY_APP_ID### are populated correctly.
There I see my account under "Select and account" which I can click.
Click account.
It opens the same Account Chooser page with slightly different URL, with auth parameter in continue url param.
Clicking again on my account just changes the auth.
That ###MY_DOMAIN### may or may not be registered with Google Apps (tried on third-level domains with different second-level domain part). Account may or may not be owner of Google Apps that are installed on that domain (added different Google accounts to app owners and tried from both).
UPD: there's already issue filed 2 months ago https://code.google.com/p/googleappengine/issues/detail?id=9779

You should be adding second-level domain, not third-level. And that second-level domain should be registered with Google Apps. Then, after adding the second-level domain you'll be able to configure which third-level domains maps to which App Engine applications in Apps settings.

Related

Google Cloud API: Can't create domain mapping with App Engine service account

I'm trying to use the googleapiclient Python SDK to create a domain mapping for my App Engine app. I'm using the "App Engine default service account" to authenticate, which works (I can get the list of domain mappings). However, when I try to create a mapping, I get the following error:
Caller is not authorized to administer the domain 'abc.[mydomain]'. If you own 'abc.[mydomain]', you can obtain authorization by verifying ownership of the domain, or any of its parent domains, via the Webmaster Central portal: https://www.google.com/webmasters/verification/verification?domain=abc.[mydomain]. We recommend verifying ownership of the largest scope you wish to use with subdomains (eg. verify 'example.com' if you wish to map 'subdomain.example.com').
The same call works in the API Explorer without any issues.
I tried giving the service account the Owner role in the IAM console, to no avail.
(I haven't tried running it from within App Engine; presumably that works, but I'd really like to be able to test this part of my app locally.)
Thanks to John Hanley for pointing me in the right direction.
Go to the Google Search Console and sign in
Navigate to "Settings" (towards the bottom of the menu)
Select "Users and Permissions"
Click the "more" (three vertical dots) button next to your email address, then "Manage property owners"
Choose your domain from the list
Click "Add an owner" at the bottom of the page

Serve GAE app from a custom domain?

I have a GAE project (myproject.appspot.com) which I'd like to serve from a custom domain (myapp.com).
I have added the custom domain to my Google Apps account for my company (example.com)
On my dashboard I have successfully added my domain. This is confirmed; it says myapp.com - Active
Following Google's instructions, I perform step 3 (click "Add Domain"), which attempts to log me in using my normal admin account:
Problem #1, it won't let me perform this step:
You are trying to access Google Admin of myapp.com but you do not have a valid logged in account for it.
I have successfully performed step 4 (Activate this service), and my app appears under "App Engine Apps" for my company.
This page displays: Web address — Your users can access MYPROJECT at: https://myproject.appspot.com — Add new URL
I then click on "Add new URL", which offers me a chance to select a domain from a pulldown list that includes all the domains I own on this account (i.e. both example.com and myapp.com).
Problem #2, it won't let me perform this step. I choose http://myapp.com and click [Add]. When I do this, I get an alert in a red popup box that says The term 'myapp.com' is not allowed. The single quotes are unescaped and appear as "'"
I can successfully add the URL for my company domain (example.com) just fine. But it throws an error/alert if I select myapp.com instead.
Why is Google Apps preventing me from using this domain? I clearly own it, and it appears on
the pulldown menu. Why does it say "the term" is not allowed, as if it's a typo? Is this a bug in parsing the unescaped quote characters?
I found a great (and very obscure) solution.
First of all, Google doesn't tell you this, but the custom domain cannot be a secondary domain on your Google Apps account. Only the primary domain can be selected for "Add new URL."
There are two solutions. One is to add the second domain (myapp.com) to your Google Apps account as a domain alias for the primary (example.com), not a secondary domain. This may not be acceptable for many users, since it means you cannot use myapp.com to deliver different content from example.com.
The second solution is to create an entirely independent, separate Google Apps account, and make your domain (myapp.com) a primary domain for that account. This too may not be acceptable for many users, since you may not feel like paying for a Google Apps account (minimum of $50 per user per year). However, there is a very cool way to get a Google Apps account for free.
You can create an independent Google Apps account with exactly 1 user, and then delete Google Apps for that user. This sounds weird, but stay with me. The superuser account remains, so you can administer the domain and the App Engine app. What you give up are the paid services: gmail,docs,calendar, etc. for that user, which means you're not obliged to pay the $50/year.
Here's the recipe. You will need:
a) a Google User account (e.g. joe#myapp.com created at http://gmail.com)
b) an App Engine account (e.g. http://appengine.google.com)
c) a Google Apps account (e.g. http://admin.google.com/myapp.com)
Create your Google Apps account, you will get a free 30-day trial.
Make sure your user (a) is an owner of the app engine project (b).
Make sure you add your app engine project (b) to your Apps account (c).
Under "Admin Console / More controls / App Engine Apps" ("add services", click icon in upper right corner)
Here's where you delete the paid services and keep the Apps account for free:
In the admin console, choose Company Profile / Profile.
Scroll all the way down to Account Deletion. Look for the text "One or more subscriptions are still active. Please cancel these subscriptions "
Click "subscriptions".
Click "Google Apps".
Click "Cancel Google Apps" (It's the ⃠ icon on the extreme right side of page)
This will delete the paid services (gmail,docs,cal, etc.) so you will no longer have access to any of those. Gmail will not handle any email sent to joe#myapp.com. You will need to set up the MX records for myapp.com to point to some other service if you want to enable email for the myapp.com domain. But you will have the myapp.com domain associated with your Apps account and with your App Engine app, for free, and you will be able to log in as joe#myapp.com to administer them both.
At some point, if you change your mind and decide you want Gmail for your users, you are always welcome to add the Google Apps service back on, and of course purchase licenses for $50/user/year.
You need to add the GAE app from your Google Apps for Domain account. There is a form where you can add an appengine app to your Google Apps account, but it's not in your GAE account, it's in your Google Apps account.

Unable to add custom Domain w/ Google App Engine

I'm unable to map a custom domain to my Google App Engine app. The steps I've already taken are:
I'm the admin of the Google Apps account
I'm the owner of the Google App Engine Account
I've added the domain to the "Domains" section of Google Apps
I've verified ownership of the domain within Google Apps
I've correctly setup the MX records of the domain
I've checked that the domain was correctly setup using: https://toolbox.googleapps.com/apps/checkmx/
However, for the last 3 days in the Domains section of Google Apps it says "MX records setup validation in progress".
Additionally, when I go to add the domain within the Application settings of the Google App Engine account I get redirected to a sign in page (despite already being signed in, and an admin within Google Apps, and the owner of the Google App Engine app). Either way when I go to sign in again I just get redirected back to the signin page and I'm not able to get any farther.
Also, I have billing enabled for the App Engine account. I've configured app engine domains numerous times before and never had these issues. Any help would be appreciated.
Update:
Following #presveva's suggestion I setup a new Google Apps account (despite already having an existing one) and the first page after creating a new Google App was a server error. After refreshing the page and verifying ownership of the domain I went to add the domain to App Engine.
On the "Please accept the Google App Engine terms and conditions to continue" page, first of all no terms even showed (numerous XMLHttpRequest errors on the page), and after submitting "I accept. Continue to add this service" the next page stated "An error occurred while trying to install this application. Please try again later."
This process is horribly broke and would be great if Google addressed this.
I know this this post is old but I ran into the same issue.
All ready running Google Apps for my primary domain.
Created a new app and registered a new domain name for that.
Don't want to get a new payed Google Apps account for the app domain.
#presveva is right but there is one way around it.
Use your current Google Apps account and add the app domain as a alias for your primary domain.
Make the admin account of your Google Apps domain owner of the Google App Engine (GAE) application.
Add the GAE app to your Google Apps account via the Google Apps admin interface.
Setup a custom domain name for the domain alias, your new app domain.
Note: If you use Google Sites for your domain you can't use www. Disable sites if you want to use GAE.
For now, the only one way for using custom domain in GAE is signup a Google Apps account (domains article).
Notice that the domain need to be the primary domain of account, a new account for domain.
The docs I have linked mentions a free single-user account but it has been replaced by a 50$ credit for a business Google Apps account (forum annunce)

AppEngine Google Apps Authentication: Can you switch domains?

I've set up an AppEngine account using Google Apps Authentication and I've resigned myself to the fact that it can't be changed. But can you switch the domain that it's bound to?
UPDATE
Forgot one point. We've already added users from the new domain as AppEngine administrators and we're able to log into the AppEngine console with them. But there are certain URLs in the app itself (e.g. cron jobs/task queues) that we've restricted to access by admins only. When we try to access them, we are directed to the domain-specific AppEngine page (i.e. http://appengine.google.com/a/myolddomain.com) to log in. When I update the URL to the new domain, I can log in but then I get a page saying "The page is requesting permission to access your Google account. Select an account you would like to use." And there are no options in the list to select. I can click Continue but then I'm redirected back to the login page for the old domain again.
No. If you created an app with Google Apps authentication, it is tied to that domain to authenticate against forever. This only matters if you're using the Users API, of course.
Yes you can switch to another domain. App Engine is a service in your apps domain. Because it is a service, I think you can add the same appspot service to multiple apps domains.

Google App Engine on Google Apps Domain

I'm having trouble getting my domain pointed to my website hosted with google app engine. Here's the background... take care to separate the concepts of "google apps" (domain hosting, email, etc.) and "google app engine" (website framework).
I have a domain that's using Google Apps for Your Domain, let's call it company.com. So my login for my google apps account is bob#company.com. I have a different domain that is aliased back to my google apps account, let's call it mycompany.com. It's been successfully aliased and registered with my primary google apps account using the cname method, and has updated mx records. We have a ton of domains, and I only want to use one "google apps" account to maintain them all.
Now I have a website I've built using google app engine, and the url is effectively mycompany.appspot.com. I want to get mycompany.com to point to my website that currently resides at mycompany.appspot.com.
There's a spot in the google app engine dashboard under application settings where you can add a domain. So I click there and enter mycompany.com and I get an error message saying that domain is not using google apps.
If I back up to the page I submitted, there's a note saying I need to register the domain with google apps. So I click the link to do that and enter mycompany.com and I get an error message saying the domain has been registered and is in the process of ownership verification. But that process is already finished.
So... what do I do? Does google app engine not support a domain that is only aliased to a primary google apps account? Does mycompany.com need to have its own primary google apps account?
I ran into this problem setting up my domain. It's a little counter-intuitive, but you'll want to add (in your example) company.com to your appengine account. Once you add company.com, you'll see a dropdown listing all of the domains that belong to your hosted google apps account, including mycompany.com.

Resources