Google Apps account login


David

Oct 5, 2010, 11:21:05 AM
to Google App Engine
I'm having an issue with users not being able to authenticate with GAE
using a Google Apps account. Regular Google account users can access
it fine. How do I make it so it supports Google Apps logins in
addition? Do I need to use the Federated Login stuff in GAE? It is
currently not set to Federated because that makes it so neither Google
Apps nor Google accounts work. Can anyone help me out?

Thanks,
David

Robert Kluin

Oct 5, 2010, 3:02:26 PM
to google-a...@googlegroups.com
Yes, you will need to use the federated login (OpenID) stuff.

The long-and-short of it is that you pass the federated_identity
parameter to users.create_login_url. You'll need to set up a page for
users to tell you what goes in federated_identity somehow, perhaps by
clicking a google logo or entering an apps domain.

For Google accounts:
users.create_login_url(federated_identity='google.com/accounts/o8/id')
or
users.create_login_url(federated_identity='gmail.com')

For an Apps account:
users.create_login_url(federated_identity='google.com/accounts/o8/site-xrds?hd=yourappsdomain.com')

There is a little info here:
http://code.google.com/appengine/docs/python/users/overview.html

And Wesley has a nice article about it here:
http://code.google.com/appengine/articles/openid.html

Some info on Google Apps domains and OpenID:
http://groups.google.com/group/google-federated-login-api/web/openid-discovery-for-hosted-domains?pli=1


Robert


David

Oct 7, 2010, 3:34:34 AM
to Google App Engine
Wow, that federated login stuff is really complicated. One thing in
your example assumes I know what yourappsdomain.com would be. I don't
want to restrict the google apps account to my google apps logins, I
just want all google apps logins to work. I basically have an Android
app that integrates in with my app engine server. The Android Market
lets the user put in any Google account or Google Apps account. I
just want that same account to work on my app engine server. Google
accounts work, but Google Apps accounts do not. I am able to get the
Auth token and authenticate the user via token with the google apps
account, it just appears that the ACSID cookie I send to the appengine
server denies access. Now with federated login, is there a way to
authenticate using an auth token?


Robert Kluin

Oct 9, 2010, 9:57:59 PM
to google-a...@googlegroups.com
Hi David,
I am not familiar with the android marketplace, sorry.

I currently use two techniques. First, on my general login page
users can select Google Apps then enter the domain in a text box.
Second, like google services, users can go to a /theirdomain.com
endpoint and I fill in the domain and send them to the right login page
-- also pretty easy.


Robert

AmaltasCoder

Dec 6, 2010, 2:46:40 AM
to Google App Engine
My GAE app only allows Google Account and Google Apps users. To login
Google Apps users I provide a login page with a text box field asking
them their email. On the server side I simply extract the domain portion
of the email and create the login URL using

users.create_login_url(federated_identity='google.com/accounts/o8/site-xrds?hd=yourappsdomain.com')

How can I find whether the extracted domain is actually a Google Apps
domain? What if someone simply provides say yahoo.com? I would like to
give the user a warning stating that the domain is not present on
google apps and he should contact system admin.


dflorey

Dec 6, 2010, 4:14:29 AM
to Google App Engine
@AmaltasCoder: This approach is not working if users associate
multiple emails with their account and try to log in with an email that
does not contain the proper domain part.
I've also started using this approach, but you'll most likely come
across some "I cannot login with my email" complaints.
So I've switched to the approach proposed by Robert - even though I'd
love to have a nicer login process.
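
Both entry points discussed in this thread (a typed e-mail address and a /theirdomain.com path) put user-supplied text into the federated_identity string, so the domain should be checked as a plain DNS name before it is interpolated. The following is an added example, not code from any of the posters; the function names are hypothetical, it uses Python 3 string handling only, and its result is what would be passed to users.create_login_url(federated_identity=...). It checks syntax only and does not tell you whether the domain is actually hosted on Google Apps.

```python
import re
from urllib.parse import quote

# Identifier prefix quoted in the thread for Google Apps (hosted) domains.
APPS_DISCOVERY = "google.com/accounts/o8/site-xrds?hd="

# One DNS label: letters, digits, hyphens; no leading or trailing hyphen.
_LABEL = re.compile(r"[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?")


def normalize_domain(raw):
    """Return a lowercase hostname, or None if raw is not a plain DNS name."""
    domain = raw.strip().lower().rstrip(".")
    labels = domain.split(".")
    if len(domain) > 253 or len(labels) < 2:
        return None
    # fullmatch rejects embedded newlines, '?', '&', '/', spaces, etc.
    if not all(_LABEL.fullmatch(label) for label in labels):
        return None
    return domain


def domain_from_email(email):
    """Domain part of a user-typed e-mail address (text-box approach)."""
    local, sep, domain = email.strip().rpartition("@")
    if not sep or not local:
        return None
    return normalize_domain(domain)


def domain_from_path(path):
    """Domain from a '/theirdomain.com' style request path."""
    segment = path.strip("/")
    if "/" in segment:
        return None
    return normalize_domain(segment)


def apps_federated_identity(domain):
    """Build the federated_identity value for a validated Apps domain."""
    checked = normalize_domain(domain or "")
    if checked is None:
        raise ValueError("not a valid domain name")
    # quote() is a second line of defence; a validated name needs no escaping.
    return APPS_DISCOVERY + quote(checked, safe="")
```
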