GAE Launcher enforce Google account signin in app.yaml

Question

Firstly, just letting you know I have searched a fair bit here and I am aware of some of the other questions on this topic but none answer my question.

The authentication of the Local GAE differs from the appspot deploy and I need it not to with minimal work-around code.

I'm writing an HTML5 app and I can do the google authentication via a button and it updates all the correct tokens so I can access the profile in either GAE Launched apps or appspot deployed ones.

I need the google account details of the logged in user within the app I am writing (for API calls to calendar and contacts for example)

, and I'd rather not have to write a login handler only for my local development platform - automated for simplicity or otherwise.

I've read that adding login:required forces a login, and on appspot this works perfectly. Locally it does nothing useful.

I've read that you can write a Python decorator to use @login_required - but I'm not writing in Python (It's php generating an HTML5 page). I could write a bit of a PHP wrapper to handle it, or automate a call in Javascript on page load - but this is the workaround I don't want to write because it's handled in the production environment for me.

I want the login:required option as everything is handled for me in production

. I have googled the options for the login tag and nothing there suggests I can force a google login in the locally launched app. I have googled the launcher and settings, but nothing seems apparent.

I suppose I could live with the dev workaround, and the app could assume I'm authenticated and the JSON request handlers in my app would just use the login:required with the correct google tokens being passed once I am authenticated.

Do I have any other options?

Answer 1

There appears to be no way round this other than to write the whole OAuth handler yourself (or get one elsewhere) - significant overkill for a development environment only 'issue'.

I have written the app to handle the getting of the google profile details as it starts and force an authenticate if they are not present.

This means that the login:required will work as expected in the production world and force you to authenticate to google before you even get to the application... then the app just gets the profile details because the tokens are already present.

login:required in the dev environment just puts up a screen which you just 'ok', then the app attempts to gets the profile details but forces the authentication itself because there are no authentication tokens present.

It's unfortunate, but it's a single step in a development that users will not have to use, but it works.

Answer 2

This sounds like it could be a PHP runtime bug. login:required works fine on the python local dev server. Have you checked the issues page to see if it's been reported?

https://code.google.com/p/googleappengine/issues/list

Otherwise it's possible that it's bypassing the login on your dev server because you have some cookie in your browser indicating that you're already logged in. You might try clearing cookies

Alternatively (at least on the python devserver), you can go to your login page via http://localhost:8000/_ah/login to force a logout (obviously fix the hostname and port number)