When I click on "Datastore Admin" in my AppEngine (Python27) application with federated login, the following error shows up:
Error: Not Found
The requested URL /_ah/login_required?continue=https://ah-builtin-python-bundle-dot-latest-dot-ah/datastore_admin/?app_id=s~lpgng2 was not found on this server.
Seems like I am redirected to the /_ah/login_required page on admin instance and not on the frontend instance.
What's wrong?
If you take a closer look at the documentation here: https://developers.google.com/appengine/articles/openid as soon as you select "Federated Login" your code would need to handle requests to /_ah/login_required in order to serve any requests that requires login. Datastore admin is just a built-in app, which have its handlers requiring login.
Implementing this should resolve this. Hope it helps!
Related
I have been updating a system that has been in place for sometime and finding some clients have issues with login on mobile devices.
I have a test system in place and setup Application in Azure AD and noticed during testing if I login with incorrect credentials, login.microsoftonline.com will show:
Sorry, but we’re having trouble signing you in.
AADSTS50020: User account...
When login to the clients live systems I don't see this error and just get returned to the home page of the application.
The only difference is the client apps are configured with credentials for there Azure AD instance and I cannot access them. These where also built on the legacy App Registrations but that shouldn't be issue (ha). The server side is the same implementation.
Why am I not seeing the AADSTS errors in productions sites?
If you are not seeing any error and are just getting returned to the homepage it seems more likely to be an issue with the Redirect URI or the app registration configuration.
Please confirm that the redirect URIs in your application and in your registration are what they are intended be.
Also, ask them to check the developer tool logs when signing in to see if anything shows up. It might be failing but not triggering the error message.
When I try to open the google appengine datastore admin tool it redirects me to:
https://ah-builtin-python-bundle-dot-myapp.appspot.com/_ah/login_required?continue=https://ah-builtin-python-bundle-dot-myapp.appspot.com/_ah/datastore_admin%3Fapp_id%3Dmyappid
and gives me a 500 error.
According to this appengine bug report:
https://code.google.com/p/googleappengine/issues/detail?id=10150&q=%22datastore%20admin%22&colspec=ID%20Type%20Component%20Status%20Stars%20Summary%20Language%20Priority%20Owner%20Log
"This looks to be a problem because you are using non-default authentication scheme.
Are you using user service/Google Accounts API for authentication of users inside your application? If not, consider changing your authentication method.
If you are, then you'll need to setup a custom domain and access the datastore admin via:
https://ah-builtin-python-bundle-dot-
so that the correct authentication cookies can be used."
I'm using simpleauth for authentication and have a custom domain with an ssl certificate.
I would love to be able to backup my datastore data, it's a pretty big risk for my site if I can't!
Any ideas?
Must have been a problem on Googles end, because when I tried again a few months later it magically worked.
I am quite new to openID and GAE and there are lots of documentation that I get confused. So
I am building a Java web application.
I have GAE for Business.
As I understand GAE are automatically become openID providers. Can I in my Java web app identify only my GAE users using openID, like when user clicks login button it redirects to my GAE login page and identifies them? If user is not my GAE user my Java app rejects the access.
If something is not clear just tell me, because English is not my native language.
I am not really sure I got you right but if you want only the users you have invited the relevant emails to your application through appspot.com under permissions, you can include in your relevant handlers in your app.yaml file the login parameter like that.
handlers:
- url: /.*
login: admin
In case the user is trying to login is not under your application's permission list he will receive an unauthorized error.
I have an application deployed to Google App Engine.
The application relies on App Engine User API to login and signup. However I noticed that if user signup using hotmail account, after verify the account through OpenID option. App Engine tries to direct the browser to the following URL: https://appengine.google.com/_ah/conflogin?continue=https://myappid.appspot.com/login.do, where /login.do is used in UserService.createLoginURL("/login.do") to create the login URL.
At this step I am getting 500 Server Error as the following. When I check my server log, I couldn't find any request to login.do. Please help.
Error: Server Error
The server encountered an error and could not complete your request.
If the problem persists, please report your problem and mention this error message and the query that caused it.
I got this error when logging in 4 accounts.
It works on logging in 3 accounts.
We can not control the number of accounts a user login at the same time.
I think it is a critical bug in the implementation of Google.
Conclusion, Users API is not usable. The only way is to use OAuth.
I refer here to that page you are redirected after you login to GAE app with your google account, which asks your permission to access your google account.
Put this toghether with custom domain and https and you get my problem.
Sorry for the lengthiness. I searched everywhere. Didn't find anything. Not sure it is an OAuth issue (think not).
My configuration:
developed myapp.appspot.com
configured custom domain myapp.mydomain.com to point to myapp
myapp is making use of GAE login service
need for https posts from custom domain (!), solved as follows:
page is loaded in HTTP from http://myapp.mydomain.com
some submit HTTPS URLs are hardcoded in the page, as https://myapp.appspot.com/someservice
same domain policy resolved server side by means of http headers
GAE login service applies both to http://myapp.mydomain.com handler AND https://myapp.appspot.com/someservice handler
The workflow is:
user not yet authenticated
user browse http://myapp.mydomain.com (not ssl)
user is redirected to google account login page
user logins
user is redirected to the abovementioned page: myapp is requesting permission to access user's google account
user grants his permission
user is in - OK
Now comes the problem:
user makes a submit to https://myapp.appspot.com/someservice (so that data is ssl transmitted), which is loginrequired decorated
login is ok, user is not again redirected to the login page,
I think this is because the google login is cross application (the same should appen if the user was already logged in into gmail, to say)
but now https://myapp.appspot.com/ is again requesting permission to access user's google account - and this is the problem
The user is prompted TWICE to grant permission to myapp to access his account:
once when he browse to http://myapp.mydomain.com
and another one when he submits data to https://myapp.appspot.com/someservice
My user doesn't like it and me too !!!
I suspect this is because the user answer (Allow or No Thanks) is saved server side with respect to the URL of the app
and not with respect to some other unique id of the app.
But I have no idea how to solve it or at least work it around.
Thank you for your patience in reading up to here.
Any help would be appreciated.
The cookie that is issued for the user's session is per-domain and per-protocol. As a result, the same session won't work on the appspot app and on your custom domain. This isn't an App Engine limitation - it's simply how HTTP works.
The best solution, currently, is to put the form itself on HTTPS as well (which is in general a good idea anyway).