Custom domain app requesting permission to access Google Account

[stefano terna]

I refer here to that page you are redirected after you login to GAE app with your google account, which asks your permission to access your google account.

Put this toghether with custom domain and https and you get my problem.

My configuration:

• developed myapp.appspot.com
  
• configured custom domain myapp.mydomain.com to point to myapp
  
• myapp is making use of GAE login service
  
• need for https posts from custom domain (!), solved as follows:
  
•     - page is loaded in HTTP from http://myapp.mydomain.com
•     - some submit HTTPS URLs are hardcoded in the page, as https://myapp.appspot.com/someservice
•     - same domain policy resolved server side by means of http headers
• GAE login service applies both to http://myapp.mydomain.com handler AND https://myapp.appspot.com/someservice handler
  

The workflow is:

1. user not yet authenticated
   
2. user browse http://myapp.mydomain.com (not ssl)
   
3. user is redirected to google account login page 
   
4. user logins
   
5. user is redirected to the abovementioned page: myapp is requesting permission to access user's google account
   
6. user grants his permission
   
7. user is in - OK
   
8. Now comes the problem:
   
9. user makes a submit to https://myapp.appspot.com/someservice (so that data is ssl transmitted), which is loginrequired decorated
   
10. login is ok, user is not again redirected to the login page (I think this is because the google login is cross application (the same should appen if the user was already logged in into gmail, to say)
11. but now https://myapp.appspot.com/ is again requesting permission to access user's google account - and this is the problem

The user is prompted TWICE to grant permission to myapp to access his account:

• once when he browse to http://myapp.mydomain.com
  
• and another one when he submits data to https://myapp.appspot.com/someservice
  

My user doesn't like it and me too !!!

I suspect this is because the user answer (Allow or No Thanks) is saved server side with respect to the URL of the app

and not with respect to some other unique id of the app.

But aside from my suspects I have no idea how to solve it or at least work it around.

Thank you for your patience in reading up to here.

 

Any help would be appreciated.