https://stackoverflow.com/questions/19113455
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianSeems like the issue was that AccountManager.invalidateAuthToken needs to be called with "com.google" as the accountType not "ah".
Android AccountManager Seemingly Not Invalidating Tokens
Question
I have an Android app that authenticates to AppEngine using AccountManager. It has been working for over a year now. While running some tests today, I noticed that the Set-Cookie header was missing from the response to https://my-app.appspot.com/_ah/login?continue=http://localhost/&auth=.... Therefore, I don't have a SACSID, and thus can't authenticate.
After looking into the issue further, I realized that this only happens when I use the account that is the admin of the AppEngine app (this account had no problem authenticating 2 weeks ago). I can sign in without issue in a browser, and non-admin users can get the SACSID using the auth token from AccountManager. I have tried invalidating the auth token and getting a new one, but that didn't work either. I also tried all the different permutations for https and http, and still nothing.
Anyone have any idea what might be causing this?
EDIT: Adding that no cookies are returned with the response at all.
EDIT 2: It seems that AccountManager.invalidateAuthToken("ah", authToken) is not working. After failing to get the SACSID cookie, I try to invalidate the token assuming that it is expired. However, I just checked, and the same token gets returned the next time I request one.
Solution
Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
