I have a small app written in Google App Engine, and I use the basic login: required in app.yaml for authentication. This gives me the Google login box, which has the "Stay signed in" option. However, even with the "Stay signed in" option I get logged out fairly quickly (within a day or two). Is there any way to extend this timeout? Is there any way around it using the users API?
Log in to your admin console, select an app, and choose 'Application Settings'. Then, change the expiration period under 'cookie expiration' - options are 1 day, 1 week, and 2 weeks.
Related
I am working on an app using NativeScript and am using Microsoft OAuth2 to authenticate the user, send emails and access SharePoint with it. My problem is that the authentication token I get expires after 1 hour so the user has to login again over and over. A temporary solution I am using is refresh_token which lasts longer (I believe 14 days by default and up to 90 days) but still that is not what I would like. My ideal solution would be an option to stay signed in but it does not seem to exist at this moment.
I have read this page https://learn.microsoft.com/en-us/azure/active-directory-b2c/active-directory-b2c-token-session-sso and am not sure how to extend the lifetime of my token. If I can extend it at least for a year or six months, that would be great but I don't know how to do it.
My app is not registered in Azure but in apps.dev.microsoft.com and I have looked in the manifest but haven't found anything I could write to change the token type or its lifetime.
I have an AppEngine (Java) application that uses the native AppEngine authentication mechanism (see: https://cloud.google.com/appengine/docs/standard/java/users/). It generates login and logout URLs via the createLoginURL and createLogoutURL methods as detailed in that article.
On desktop, everything works perfectly fine. A user with multiple accounts active will be prompted to select one to use upon login, and she will be logged out of all of her accounts upon logout.
On mobile, however, it does not work this way. A user with multiple accounts will be automatically signed in to the first one (whatever that is) upon login, and she will be prompted to choose an account upon logout. I have no idea why the account-picker is shown as part of the logout process, and I have no idea what choosing an account there actually does, since the end-result appears to be the same regardless of the account chosen: AppEngine thinks that the user has been signed out.
In the past, an account picker used to be shown upon login (it was a radio-button account picker, less pretty than the logout one, but functional nonetheless). Now, I cannot get one to appear. I have confirmed via https://myaccount.google.com that multiple accounts are actively signed in.
A simple test of this workflow is as follows:
Generate login and logout URLs via createLoginURL and createLogoutURL.
On mobile:
Sign in with one Google account.
Sign in with another Google account.
Confirm that both are signed in via https://myaccount.google.com.
Navigate to the login URL.
Expected behavior: account picker is shown; upon selection, the user is redirected to the "continue" URL.
Actual behavior: no user action takes place and the user is redirected to the "continue" URL.
Navigate to the logout URL.
Expected behavior: no user action takes place and the user is redirected to the "continue" URL.
Actual behavior: account picker is shown; upon selection, the user is redirected to the "continue" URL.
For reference, here are the values of the login and logout URLs as generated by the createLoginURL and createLogoutURL methods (obviously "EXAMPLE-APP" would be the actual AppEngine ID of my application):
createLoginUrl("/ui/signin.html"): https://www.google.com/accounts/ServiceLogin?service=ah&passive=true&continue=https://appengine.google.com/_ah/conflogin%3Fcontinue%3Dhttps://EXAMPLE-APP.appspot.com/ui/signin.html<mpl=gm
createLogoutUrl("/ui/signout.html"): https://EXAMPLE-APP.appspot.com/_ah/logout?continue=https://www.google.com/accounts/Logout%3Fcontinue%3Dhttps://appengine.google.com/_ah/logout%253Fcontinue%253Dhttps://EXAMPLE-APP.appspot.com/ui/signout.html%26service%3Dah
Also, I am currently experiencing this with Android phones running Chrome (one Galaxy S6 and one Pixel; I do not have other devices to test with at this time).
My question: how can I make Google display the account picker for the login action in Google AppEngine (for Java) on mobile devices?
Edit: Here is an example AppEngine project that demonstrates the problem.
Site: https://java-auth-test.appspot.com/
Source: https://github.com/tekkamanendless/appengine-java-auth-test/blob/master/src/main/webapp/index.jsp
For a calendar app, I want to sync users calendars (events) to my database. For now, I need title, start, end, recurrence and reminders/alerts. I am thinking, I will get these information from app and store it to a database. To make things easy (implementing recurrence maybe hard), I thought of using a hidden Google Calendar account on the server as a database.
Server will use a "hidden" Google Calendar account
App (iOS) will get calendar information from user's iCal via EventKit
Passes server this information which is saved to Google Calendar
So 1 user calendar becomes 1 hidden google calendar
But I think I might encounter some problems with API limits?
I might need to re-authenticate to refresh the access token? Is there a token I do not have to refresh?
Is the limit on the number of calendar I can have 10,000? What if I need more? Isit even possible? Or is it 10,000 for "a short period of time".
Is this possible? Or is the only option a self build system.
The quota for the Google calendar API is Queries per day 1,000,000 if you go over that you can always request additional quota as far as I know it doesn't cost anything to extend your quota.
Once you have authentication to a user Google calendar account you will receive a refresh token. The refresh token can be used to gain a new access token when ever you need to access it. Refresh tokens don't expire unless a user removes your access.
I have a Asp.net MVC application that uses Azure AD and OpenID Connect OWIN middlewares to handle authentication. Everything works fine except for one thing : if a user is already logged-in on another Microsoft Application lets say a Office 365 account or maybe a live mail account, when trying to login it recives a page saying that it is not allowed to log into my app, which is correct, but some how I need to catch that situation in my code to allow the user to sign in with a different account. Is there a way of doing that? This is by design? I mean : the user have to log in only with a live/azure account at the time ? I couldn't find any documentation about this.
As of today there is typically one user at a time, but we will soon support for you a way to select a specific user instead of automatically signing you in with the most recent one.
One way you can work around this today is by injecting the parameter "prompt=login" in your sign in requests. You can do that in the RedirectToIdentityProvider notifications, similarly to what is showin in http://www.cloudidentity.com/blog/2014/11/17/skipping-the-home-realm-discovery-page-in-azure-ad/ for domain_hint. This will cause the sign in experience to always start with a fresh prompt even if the user is already signed in. The draw back is that you'll never get SSO this way. Hopefully our account switiching feature will become available soon, keep an eye on http://blogs.technet.com/b/ad/ for announcements
I have billing enabled on my project, and have even issued a $10 payment just to test out the process (it works). But I am unable to change my daily budget on the google app engine dashboard.
I go to "Billing Status" section.
I am entering the new daily budget and I hit the "submit" button.
I am getting the not very informative error: "There was an error processing the request".
So I'm stuck without being able to update my budget, and my quota has exceeded for instance hours. My users are receiving errors and I am losing money, without any option of reaching out to Official Google Support (tried to email support - it can take up to a couple of days for them to get back to you, and the phone number requires a PIN that only premium customers get. becoming a premium customer also takes a couple of days...).
Any suggestions?
I have already tried:
making sure I have only one Google account signed in while changing the budget
replacing payment method
adding another user as a billing admin and changing the budget with that user
Nothing seems to work.
UPDATE: After reaching out to a developer advocate from Google, I found out that they are aware of this issue. They claim to have solved it last night, and for me the bug is now solved.