Facebook appears to authenticate, but doesn't stay in session

[Chris Muldrow]

I'm trying to integrate SimpleAuth into my app at Grajj.com, but I'm having some trouble. If you go here: grajj.com/home.html, you see I'm using the example code to try to make it work. When I click the Facebook link, though, it appears to be clearing through Facebook OK, but then dumping the session when it redirects to the next page.

I'm logging this code:

if user:

logging.info('Found existing user to log in')

# Existing users might've changed their profile data so we update our

# local model anyway. This might result in quite inefficient usage

# of the Datastore, but we do this anyway for demo purposes.

#

# In a real app you could compare _attrs with user's properties fetched

# from the datastore and update local user in case something's changed.

user.populate(**_attrs)

logging.info(self.logged_in)

logging.info(self.auth.get_user_by_session())

user.put()

self.auth.set_session(self.auth.store.user_to_dict(user))

logging.info(self.auth.store.user_to_dict(user))

else:

# check whether there's a user currently logged in

# then, create a new user if nobody's signed in, 

# otherwise add this auth_id to currently logged in user.

if self.logged_in:

logging.info('Updating currently logged in user')

u = self.current_user

u.populate(**_attrs)

# The following will also do u.put(). Though, in a real app

# you might want to check the result, which is

# (boolean, info) tuple where boolean == True indicates success

# See webapp2_extras.appengine.auth.models.User for details.

u.add_auth_id(auth_id)

else:

logging.info('Creating a brand new user')

ok, user = self.auth.store.user_model.create_user(auth_id, **_attrs)

if ok:

self.auth.set_session(self.auth.store.user_to_dict(user))

# Remember auth data during redirect, just for this demo. You wouldn't

# normally do this.

self.session.add_flash(data, 'data - from _on_signin(...)')

self.session.add_flash(auth_info, 'auth_info - from _on_signin(...)')

# Go to the profile page

logging.info('sending to profile page')

logging.info(self.auth.get_user_by_session())

logging.info(self.logged_in)

self.redirect('/profile')

And getting this in my log:

1. 2013-11-17 21:06:55.479 Looking for a user with id facebook:5XXXXXXXX

2. I2013-11-17 21:06:55.489 Found existing user to log in

3. I2013-11-17 21:06:55.490 False

4. I2013-11-17 21:06:55.490 None

5. I2013-11-17 21:06:55.735 {'user_id': 5XXXXXXXXXXXXX}

6. I2013-11-17 21:06:55.735 sending to profile page

7. I2013-11-17 21:06:55.735 {'cache_ts': 1384751215, 'remember': 0, 'user_id': 5XXXXXXXXXXXXX, 'token': u'2XXXXXXXXXXXX', 'token_ts': 1XXXXXXXXXX}

8. I2013-11-17 21:06:55.736 False

[Chris Muldrow]

Oddly, I'm getting the same behavior on simpleauth.appspot.com. It'll let me in with Google authentication, but Facebook just keeps bouncing back to the not-logged-in page

[Chris Muldrow]

Twas this:

self.session.add_flash(data, 'data - from _on_signin(...)')

self.session.add_flash(auth_info, 'auth_info - from _on_signin(...)')