I deployed a web application using Google accounts Authentication on the appengine server. If I log out the app with the link from create_logout_url(), my Gmail in the same browser is also logged out. Is that normal behavior? Thanks.
I think it is absolutely normal. My experience is the same as yours.
Many Google services use the same cookies I think, If you log into your Gmail, you can access Google Reader without logging in again.
It is for security purpose I think.
Related
When I try to open the google appengine datastore admin tool it redirects me to:
https://ah-builtin-python-bundle-dot-myapp.appspot.com/_ah/login_required?continue=https://ah-builtin-python-bundle-dot-myapp.appspot.com/_ah/datastore_admin%3Fapp_id%3Dmyappid
and gives me a 500 error.
According to this appengine bug report:
https://code.google.com/p/googleappengine/issues/detail?id=10150&q=%22datastore%20admin%22&colspec=ID%20Type%20Component%20Status%20Stars%20Summary%20Language%20Priority%20Owner%20Log
"This looks to be a problem because you are using non-default authentication scheme.
Are you using user service/Google Accounts API for authentication of users inside your application? If not, consider changing your authentication method.
If you are, then you'll need to setup a custom domain and access the datastore admin via:
https://ah-builtin-python-bundle-dot-
so that the correct authentication cookies can be used."
I'm using simpleauth for authentication and have a custom domain with an ssl certificate.
I would love to be able to backup my datastore data, it's a pretty big risk for my site if I can't!
Any ideas?
Must have been a problem on Googles end, because when I tried again a few months later it magically worked.
I've been using the remote API for google appengine for a couple years. Several months ago I updated to the Oauth2 authorization approach as documented here and everything has worked fine for months.
https://cloud.google.com/appengine/docs/java/tools/remoteapi
Today I ran into the following error
Exception in thread "main" com.google.appengine.repackaged.com.google.api.client.http.HttpResponseException: 401 Unauthorized
You must be logged in as an administrator, or access from an approved application.
I don't understand what changed or how to resolve it. I've made sure that I'm logged in with the correct account by using the following command.
gcloud auth login
Which successfully logs me in.
The account that I use to login, is a google apps account which I suspect is the problem. I think the integration of google apps accounts with appengine has changed based on this old, but seemingly related question.
https://code.google.com/p/googleappengine/issues/detail?id=1462
Any help would be appreciated. Thank you!
I had to use a #gmail.com account instead of my Google app account. It looks like changes are being made to google app accounts to move functionality into the Google cloud platform.
Although I have things working again, I would prefer to use my username and password associated with by app domain and it's not clear how to do that.
I had a myriad of problems, then switched from my Google Apps (Dasher) account to my #gmail account, and everything worked.
I suspect (but can't prove) that this is related to the turndown of ClientLogin on 12-Apr-2016.
I'm coding a Python - Google App Engine application. There are 2 important things this app must do:
Write in user's calendar.
Write in user's profile (working with users in a Google Apps domain)
First operation is easy. If I understood OAuth, this is the classical 3-legged scenario. The scenario for which OAuth was originally developed. The logged user provides credentials to the client (my app) to access the user's data (calendar) on his/her behalf. So, this can be done just with the logged user's credentials.
Second operation is not so easy. It can't be done with just the logged user's credentials. This is a 2-legged OAuth scenario. So, I need to delegate in a Google Apps domain admin's account to access the users's profiles using Google Profiles API (via google data library). So far, I hardcode admin user/password in a json file, and my app loads that file. But that sounds kind of dirty for me.
At the end, my app needs to handle the classical 3-legged OAuth scenario (no problem, just need the logged user's credentials) plus a 2-legged OAuth scenario (need administrator credentials).
Is there any official or more elegant way to handle both scenarios in Google App Engine, working with Google Apps domain, that hardcoding admin credentials?
Many thanks in advance
AFAIK there is no way to authorize a write operation to Google Contacts Data API using 2-legged OAuth.
Google's documentation specifies which APIs are accessible via 2-legged OAuth, but it seems that someone at Google's forgot to specify that some of them are read-only :-S
Some people had the same problem here and here.
I look forward someone at Google to fix this. Until then, harcoding admin-level credentials is the only option I know that it works. I don't like it at all: it's dirty but effective. If someone knows a more elegant zen-level way, please illuminate us!
Applications that run inside the Google App Engine can use Google Accounts for user authentication. I already used this feature and it works great. I just want to know how this is working. Is there a HTTP cookie created? How can an application inside the GAE see that a user is logged in?
The AppEngine SDK takes care of the details for you, but essentially it generates the equivalent of an OAuth request to the Google Account service. All interactions with the login process go through the Google Account service (and thus the cookies it uses for session tracking are not available to the individual app).
I'd like to use Google AppEngine with Silverlight client. I'm hoping to use the Google login authentication mechanism within the Silverlight client. Is this possible? Does anyone have any example sites where a RIA client used in conjunction with Google AppEngine security?
Thanks.
You need to have your users log in via a regular HTML page, then send them to the page with the silverlight client. Anything else would be encouraging users to enter their credentials into a third-party site, which is a Bad Idea.
I really don't believe that is true, meaning if you have an installed application Google has a login that allows you to enter username and pwd in your application. I believe silverlight is closer to windows application. Here is the login mechanism
http://code.google.com/apis/accounts/docs/AuthForInstalledApps.html