Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Google App Engine: Reverse Proxy + OpenID, users being redirected to appspot domain after login

I am using a reverse proxy to enable ssl on a custom domain. The proxy works fine on the public pages, however when the user attempts to access a login_required directory the login url shifts them over to my appspot domain after sign-in.

Is there a way to keep users on the custom domain?

Here is my login handler:

class OpenIDLoginHandler(webapp.RequestHandler):
    def get(self):
        domain = self.request.get('domain')
        continue_url = self.request.GET.get('continue')

        if not continue_url:
            continue_url = 'https://my_domain/login_required_directory/'    

        if domain:
            self.redirect(users.create_login_url(dest_url=continue_url,
                _auth_domain=None,federated_identity=domain))
        else:               
            login_url = users.create_login_url(dest_url=continue_url,
                federated_identity='https://www.google.com/accounts/o8/id')         
            self.redirect(login_url)

application = webapp.WSGIApplication(
                     [                                       
                         ('/_ah/login_required', OpenIDLoginHandler)],
                     debug=True)    

def main():
    run_wsgi_app(application)

if __name__ == "__main__":
    main()

I've tried overriding the destination url in the users.create_login_url call - the function still returns a login_url with the appspot domain as the 'continue' parameter, like this:

"https://appspot_domain/_ah/login_redir?claimid=https://www.google.com/accounts/o8/id&continue=https://appspot_domain"

I attempted simply rewriting the returned login_url and replacing the 'continue' parameter with my custom domain, but this resulted in a 404 error.

Any thoughts?

Thanks in advance!

like image 888
Kevin P Avatar asked May 01 '11 00:05

Kevin P


1 Answers

I'm not sure this is an option for you, but the next release of app engine claims to have support for ssl on custom domains (http://code.google.com/appengine/business/). If your application won't be in production for a while maybe it would just be easier to wait until they officially add support. They appear to be on a ~3 month release cycle (http://code.google.com/appengine/docs/revision_history.html)

like image 62
mike Avatar answered Sep 21 '22 04:09

mike