Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Why does Google App Engine append a path to my 'continue' location during login?

Tags:

authentication

google-app-engine

I'm using a very simple GAE instance from a Greasemonkey script. This worked fine for the last months, but now a path is appended to the final 'continue' location, which breaks the login process for me.

The basic workflow, under the assumption that the user is logged into his Google Account, but his token for the GAE instance has timed out:

  1. User opens page A with the GM script installed.
  2. The GM script runs and tries to access the GAE instance with a GM_xmlhttpRequest().
  3. The GAE instance returns "login_needed|<loginurl>". The GM script extracts the loginurl and sets window.location on it.
  4. The user is redirected to the loginurl and eventually back to A. However, this time, actual data is returned by the GM_xmlhttpRequest().

The last step no longer works, as the user is now redirected to the loginurl plus some, which gives a 404 on the target site.

The GAE code is just about half a screen of code. The authentication relevant code is this:

if not users.get_current_user():
    self.response.headers['Content-Type'] = 'text/plain'
    self.response.out.write('login_needed|'+users.create_login_url(self.request.get('uri')))

The sequence of requests is as follows, all caused by redirects:

  • GET https://mygaeinstance.appspot.com/?uri=https://targetsite.com/
  • GET https://www.google.com/accounts/ServiceLogin?service=ah&passive=true&continue=https://appengine.google.com/_ah/conflogin%3Fcontinue%3Dhttps://targetsite.com/&ltmpl=gm&ahname=MyGAEInstance&sig=<some sig>
  • GET https://appengine.google.com/_ah/conflogin?continue=https%3A%2F%2Ftargetsite.com%2F&pli=1&auth=<some base64 auth token>
  • GET https://targetsite.com/_ah/conflogin?state=<some base64 state>

targetsite.com doesn't like that path and as you can see, it wasn't in the initial 'continue' argument passed to appengine.google.com, which was just "https://targetsite.com/". What did I do wrong and how can I fix this?

like image 690
Henrik Heimbuerger Avatar asked Mar 05 '11 11:03

Henrik Heimbuerger

1 Answers

A recent change to our login flow for App Engine has created an issue whereby a login with a continue URL that's outside the app's own domain will result in an erroneous redirect such as the one you're observing.

We're working on fixing this. In the meantime, a workaround is to set up a redirect handler on your own app. Make that the target of the continue parameter, and have it send a final redirect to your actual target.

like image 193
Nick Johnson Avatar answered Sep 28 '22 23:09

Nick Johnson
Sign in to Comment

Related questions

How should I move blobs from BlobStore over to Google Cloud Storage?
How to restrict Google Form responses to logged in users?
Initiating AmazonS3Client on GAE throws NoClassDefFoundError
How to organize GAE Modules app structure and code?
On Idea Intellij, how to connect to Google Cloud SQL
Why do processes running on Google App Engine hang?
Include cookies in HTTP requests when using the Google Cloud Endpoints JavaScript client
Cookies used in Google login
Why is goapp test is looking for files in /tmp?
Google Calendar api - rate limit exceeded (even though it's not)
How to schedule a docker run on google cloud
Secret environment variables in Cloudbuild (with out files), how?
Unable to export to Monitering service because: GaxError RPC failed, caused by 3
How to pass run arguments in app.yaml for Go?
Google App Engine Internationalization Help needed (Python)
How to use HTTP method DELETE on Google App Engine?
Sessions enabled - do we have to clean them up ourselves?
task strategies for handling HardDeadlineExceededError
Do a mass db.delete on App Engine, without eating CPU
Google App Engine Application Error 5

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!