Resolved, kinda... I was redirecting with federatedIdentity="http:// myopenid.com/", letting user fill-in his username on the MyOpenId.com website. (Just like it works with Google's end-point.) When I redirect client with complete federatedIdentity like "http://jaroslav.xn--zruba- xqa.myopenid.com/" all goes smooth.
Now I'm only dying of curiosity whether I was 'doing it wrong'? :P On Jun 22, 1:14 am, Jaroslav Záruba <[email protected]> wrote: > I'm trying to enable OpenID authentication for my app. With Google as > IDP it works fine. With MyOpenId.com I get the 500 Error page after I > approve authentication on their > site.http://app-id.appspot.com/_ah/openid_verify?...tonsofparameters... > > I never knew I should take care about /_ah/openid_verify, should I? > > On Jun 10, 12:54 pm, Rajkumar Radhakrishnan <[email protected]> > wrote: > > > > > Thanks for enquiring, Ikai. > > > Was held up implementing some features - including integrating OpenId > > support - that I missed reading the groups' emails for a few days. > > > Regarding snags.. except when I try to login with a Google Account created > > using a Google Apps email-id, everything works fine. > > > *Details :* > > When users login using normal Google Accounts and normal Google Apps user > > accounts, by providing the domain name, there are no issues. > > > But, when one has a Google Apps user account with email id > > [email protected] and had created a Google Account providing this > > email-id. Then, logging in with this Google Account (instead of Google Apps > > account) an Internal Server Error occurs.. > > > Error: Server Error > > The server encountered an error and could not complete your request. > > > If the problem persists, please report your problem and mention this error > > message and the query that caused it. > > > The URL flow at is as given below : > > > The initial URL is something > > like..http://MY.DOMAIN.COM/_ah/login_redir?claimid=gmail.com&continue=http:... > > > ..which gets HTTP 302 to a URL of the > > form:https://www.google.com/accounts/o8/ud?source=gmail.com > > &openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0 > > &openid.mode=checkid_setup > > &openid.claimed_id=http%3A%2F%2Fspecs.openid.net > > %2Fauth%2F2.0%2Fidentifier_select > > &openid.identity=http%3A%2F%2Fspecs.openid.net > > %2Fauth%2F2.0%2Fidentifier_select > > &openid.assoc_handle=... > > &openid.return_to=http%3A%2F%2FMY.DOMAIN.COM > > %2F_ah%2Fopenid_verify%3Fcontinue%3Dhttp%253A%252F%252FMY.DOMAIN.COM > > %252F%26gx.rp_st%3D... > > &openid.realm=http%3A%2F%2FMY.DOMAIN.COM > > &openid.ns.ax=http%3A%2F%2Fopenid.net%2Fsrv%2Fax%2F1.0 > > &openid.ax.mode=fetch_request > > &openid.ax.type.attr0=http%3A%2F%2Faxschema.org%2Fcontact%2Femail > > &openid.ax.type.attr1=http%3A%2F%2Fschema.openid.net%2Fcontact%2Femail > > &openid.ax.required=attr0%2Cattr1%2Cauto2 > > &openid.ns.sreg=http%3A%2F%2Fopenid.net%2Fextensions%2Fsreg%2F1.1 > > &openid.sreg.required=email > > &openid.ns.ui=http%3A%2F%2Fspecs.openid.net%2Fextensions%2Fui%2F1.0 > > &openid.ax.type.auto2=http%3A%2F%2Fwww.google.com > > %2Faccounts%2Fapi%2Ffederated-login%2Fid > > > ..which then gets 302 to the URL of the form > > :http://MY.DOMAIN.COM/_ah/openid_verify? > > continue=http%3A%2F%2FMY.DOMAIN.COM%2F > > &gx.rp_st=... > > &openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0 > > &openid.mode=id_res > > &openid.op_endpoint=https%3A%2F%2Fwww.google.com > > %2Faccounts%2Fo8%2Fud%3Fsource%3Dgmail.com > > &openid.response_nonce=2010-06-10.. > > &openid.return_to=http%3A%2F%2FMY.DOMAIN.COM > > %2F_ah%2Fopenid_verify%3Fcontinue%3Dhttp%253A%252F%252FMY.DOMAIN.COM > > %252F%26gx.rp_st%... > > &openid.assoc_handle=... > > &openid.signed=op_endpoint%2Cclaimed_id%2Cidentity%2Creturn_to%2Cresponse_n > > once%2Cassoc_handle > > &openid.sig=.. > > &openid.identity=https%3A%2F%2Fwww.google.com%2Faccounts%2Fo8%2Fid%3Fid%3D.. > > &openid.claimed_id=https%3A%2F%2Fwww.google.com > > %2Faccounts%2Fo8%2Fid%3Fid%3D.. > > > There are no errors when viewed from the App Engine admin console. > > > I use GAE Python (also making a CC to the python groups) and the default > > API. That is, users.create_login_url(redirect_to) for Google Account login > > and users.create_login_url(redirect_to, None, apps_openid_url) when Apps > > domain is provided. > > > From the URL flow, I see that the default domain is taken to be gmail.com, > > when not providing the domain. May the issue is because of this. I guess > > there will issues for users having Google Accounts with "@googlemail.com" > > domain too. Is there is a better way to in which I should use the API to > > avoid this issue, or should I file an issue ? > > > I also remember getting the error message mentioned in this issue > > :http://code.google.com/p/googleappengine/issues/detail?id=3270 > > > But, not able to reproduce it now. > > > Thanks & Regards, > > R.Rajkumar > > > On Mon, May 17, 2010 at 11:02 PM, Ikai L (Google) <[email protected]> wrote: > > > > Thanks! Did you run into any snags doing it? > > > > On Fri, May 14, 2010 at 4:17 AM, Rajkumar Radhakrishnan < > > > [email protected]> wrote: > > > >> Lots of love to you folks, for OpenID !! > > >> I was almost tempted to go in for temporary libraries.. until the feature > > >> arrives. > > > >> And the way, you made it switchable via admin console (instead of having > > >> to redeploy) is good too. > > > >> Thank you very much. > > > >> Regards, > > >> R.Rajkumar > > > >> On Fri, May 14, 2010 at 6:46 AM, yjun hu <[email protected]> wrote: > > > >>> maybe google app engine shall cancel the 30seconds limit, most of > > >>> backend process need more than 30seconds > > > >>> On Fri, May 14, 2010 at 2:17 AM, atomi <[email protected]> wrote: > > > >>>> Are there API reference docs for the OpenID support? > > >>>> It seems as though a new application would need to be created for this > > >>>> to work - am I correct in assuming this? As of now I don't see that > > >>>> option, > > >>>> which makes it a little difficult to test or play with. > > >>>> What is the ETA/schedule on the feature complete 1.3.4 release? > > >>>> Thanks. > > > >>>> On Thu, May 13, 2010 at 10:48 AM, Ikai L (Google) > > >>>> <[email protected]>wrote: > > > >>>>> ... a link to the download would be helpful: > > > >>>>>http://code.google.com/p/googleappengine/downloads/list > > > >>>>> On Thu, May 13, 2010 at 7:45 PM, Ikai L (Google) > > >>>>> <[email protected]>wrote: > > > >>>>>> Greetings, Java developers! > > > >>>>>> Prerelease SDK 1.3.4 is ready for download. As usual, please help us > > >>>>>> test this release and post feedback to this thread. > > > >>>>>> The release notes are below: > > > >>>>>> Version 1.3.4 > > >>>>>> ============= > > >>>>>> - Client side bulkloader available with the Python SDK that has a new > > >>>>>> configuration syntax and wizard for easier import/export with the > > >>>>>> datastore. > > >>>>>> Can be used by enabling remote_api in your Java application > > >>>>>> - Applications can now be configured to authenticate with OpenID by > > >>>>>> selecting > > >>>>>> the OpenID option when creating your application in the admin > > >>>>>> console > > >>>>>> http://code.google.com/p/googleappengine/issues/detail?id=248 > > >>>>>> http://code.google.com/p/googleappengine/issues/detail?id=56 > > >>>>>> - New API to allow App Engine apps to act as OAuth service providers > > >>>>>> http://code.google.com/p/googleappengine/issues/detail?id=919 > > >>>>>> - The version update check in the Java SDK now uses https > > >>>>>> - Allow full access to javax.el.* > > >>>>>> http://code.google.com/p/googleappengine/issues/detail?id=3157 > > >>>>>> - Increased the timeout during deployment to 15 minutes > > >>>>>> - Fixed an issue with JPA where an illegal cast exception was thrown > > >>>>>> during the > > >>>>>> fetch of integer fields > > >>>>>> - MemcacheService.setNamespace() is deprecated in favor of > > >>>>>> MemcacheServiceFactory.getMemcacheManager(namespace) > > >>>>>> - Support in the SDK for Java 1.5 is being deprecated. These warnings > > >>>>>> now appear > > >>>>>> when starting the SDK > > > >>>>>> -- > > >>>>>> Ikai Lan > > >>>>>> Developer Relations, Google App Engine > > >>>>>> Twitter:http://twitter.com/ikai > > >>>>>> Delicious:http://delicious.com/ikailan > > > >>>>>> ---------------- > > >>>>>> Google App Engine links: > > >>>>>> Blog:http://googleappengine.blogspot.com > > >>>>>> Twitter:http://twitter.com/app_engine > > >>>>>> Reddit:http://www.reddit.com/r/appengine > > > >>>>> -- > > >>>>> Ikai Lan > > >>>>> Developer Relations, Google App Engine > > >>>>> Twitter:http://twitter.com/ikai > > >>>>> Delicious:http://delicious.com/ikailan > > > >>>>> ---------------- > > >>>>> Google App Engine links: > > >>>>> Blog:http://googleappengine.blogspot.com > > >>>>> Twitter:http://twitter.com/app_engine > > >>>>> Reddit:http://www.reddit.com/r/appengine > > > >>>>> -- > > >>>>> You received this message because you are subscribed to the Google > > >>>>> Groups "Google App Engine for Java" group. > > >>>>> To post to this group, send email to > > >>>>> [email protected]. > > >>>>> To unsubscribe from this group, send email to > > >>>>> [email protected]<google-appengine-java%2B > > >>>>> [email protected]> > > >>>>> . > > >>>>> For more options, visit this group at > > >>>>>http://groups.google.com/group/google-appengine-java?hl=en. > > > >>>> -- > > >>>> You received this message because you are subscribed to the Google > > >>>> Groups "Google App Engine for Java" group. > > >>>> To post to this group, send email to > > >>>> [email protected]. > > >>>> To unsubscribe from this group, send email to > > >>>> [email protected]<google-appengine-java%2B > > >>>> [email protected]> > > >>>> . > > >>>> For more options, visit this group at > > >>>>http://groups.google.com/group/google-appengine-java?hl=en. > > > >>> -- > > >>> hapeblog (Blog on GAE) > > >>>http://www.hapeblog.com > > > >>> -- > > >>> You received this message because you are subscribed to the Google > > >>> Groups > > >>> "Google App Engine for Java" group. > > >>> To post to this group, send email to > > >>> [email protected]. > > >>> To unsubscribe from this group, send email to > > >>> [email protected]<google-appengine-java%2B > > >>> [email protected]> > > >>> . > > >>> For more options, visit this group at > > ... > > read more » -- You received this message because you are subscribed to the Google Groups "Google App Engine for Java" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/google-appengine-java?hl=en.
