Seems like the issue was that AccountManager.invalidateAuthToken
needs to be called with "com.google"
as the accountType not "ah"
.
Android AccountManager Seemingly Not Invalidating Tokens
Question
I have an Android app that authenticates to AppEngine using AccountManager
. It has been working for over a year now. While running some tests today, I noticed that the Set-Cookie header was missing from the response to https://my-app.appspot.com/_ah/login?continue=http://localhost/&auth=...
. Therefore, I don't have a SACSID, and thus can't authenticate.
After looking into the issue further, I realized that this only happens when I use the account that is the admin of the AppEngine app (this account had no problem authenticating 2 weeks ago). I can sign in without issue in a browser, and non-admin users can get the SACSID using the auth token from AccountManager
. I have tried invalidating the auth token and getting a new one, but that didn't work either. I also tried all the different permutations for https and http, and still nothing.
Anyone have any idea what might be causing this?
EDIT: Adding that no cookies are returned with the response at all.
EDIT 2: It seems that AccountManager.invalidateAuthToken("ah", authToken)
is not working. After failing to get the SACSID cookie, I try to invalidate the token assuming that it is expired. However, I just checked, and the same token gets returned the next time I request one.
Solution