Google App Engine "login URL" behaves strangely on mobile

[Douglas Manley]

I'm developing a web app that (through the magic of "manifest.json" and some Safari-equivalent "meta" tags) can be added to a user's "home screen" on his mobile phone.  If you're not familiar with it, basically the browser (Chrome and Safari right now) will allow you to make a website more app-like by adding it to the phone's home screen with an icon and none of the browser decorations (location bar, back button, etc.).

Anyway, I'm using the stock Google App Engine authentication system to sign the users in.  To keep things tidy, no pages *require* authentication; the JSON REST API handles appropriate permissions and such based on App Engine's idea of who has signed in (the "getCurrentUser" method of the "UserService" class in Java, for example).  When I want to sign the user in, I open a window using the "login URL" using "window.open()" (the "login URL" is provided by the "createLoginURL" method of the "UserService" instance in the Java API).  The login URL redirects (once logged in) to a simple page that performs a "window.close()" to close the sign-in window and return the user to the app (which detects the "closed" state of the window and attempts to refresh its state appropriately).

When I do this on my desktop, I get a new tab to open with the Google account picker screen; I sign in; the tab closes.  This is as expected.

When I do this on Android, I get a new tab quickly, but then it closes, and I am asked how I want to open the URL (Chrome, other apps, etc.) (as if I had just clicked on a link in a different app, for example).  If I choose Chrome, then I get a new tab with the Google account picker screen; I sign in; the tab does not close (there is a console error about not being able to call "window.close()" from a window that wasn't opened with "window.open()").  So in Android, I see two strange things going on; the sign-in page seems to close my new window and open one of its own somehow, which is confusing and annoying.

This becomes a further problem on Android (as a "home screen" app).  Running as an "app", if I click the log-in button, the app is switched out to Chrome; a tab is briefly opened and closed; and then the "Open with" menu appears.  I pick Chrome; log in successfully; and the window does not close ("window.close()" thing above).  So now I have to switch apps by to my "home screen" app, and since the window that it created was closed by the Google sign-in page, my app has already determined that I am not logged in (since the "window.closed" detection happened before I even got an account-picker page).

I should note that the "logOUT URL" works perfectly fine (same system: "window.open()" to the logout URL with a redirect to a simple page that performs "window.close()"); the "window.close()" is successful and everything works exactly as I would expect.  Ditto for Chrome "home screen" logout: the app is switched out for Chrome; the user picks an account to sign out from (I'm also confused about that, since you're only signed in with one account, but whatever); and then the tab closes and the "home screen" app is switched back in.

Also: on iOS (Safari) as a "home screen" app, the login process ends up leaving the user with a blank screen (instead of closing or even showing the contents of my simple page on redirect).  I suspect that all these things are related.

Does anyone have any idea what is going on with the "login URL" and why it behaves that way?

And does anyone know why the "logout URL" asks the user to choose an account on mobile (but not desktop; it just logs me out and redirects me on desktop)?

[husayt]

There is a major problem with login urls in chrome. Not sure if it is chrome to blame or appengine for generating such urls. I am not sure if you have the same issue. But this problem has been out there for some time, causing pain to everyone and still ignored by Google. Probably, they can;t decide who's responsibility is this.

At least let's star the issue on tracker.

https://code.google.com/p/googleappengine/issues/detail?id=9045