Hello,
I managed starting openID authentication for my app on GAE.
Login works correctly with gmail accounts if _ah/login_required is not
under a security constraint in web.xml.
Then, I show the user a JSP page, Header.jsp listing user's email and
a logout link.
Generating logout link with
String logoutURL =
authenticator.createLogoutURL(request.getRequestURI());
I get
http://myapp.appspot.com/_ah/openid_logout?continue=http://myapp.appspot.com/Header.jsp
Which logs out the user correctly.
What is unusual is the fact that I've deployed a servlet to allow user
to log out from google accounts also, mapped to
_ah/openid_logout which should prompt the user with Google accounts
logout link, so they can log out from Google.
This servlet seems to be completely bypassed using logout link: no
requests to openid_logout show in application logs, nothing is shown
from servlet, user gets immediate redirect to the app (and is prompted
to authorize the app again if authorization was not saved).
Firebug shows correct GET to logout url anyway...
If you manually change the value of "continue" parameter, say to
http://www.google.com, my logout servlet works perfectly, showing
Google's logout link, and request shows in log.
Any advice about this behavior in redirection? this does not seem to
be covered in http://code.google.com/appengine/docs/java/users/overview.html
Thanks a lot
Lorenzo
--
You received this message because you are subscribed to the Google Groups
"Google App Engine" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to
[email protected].
For more options, visit this group at
http://groups.google.com/group/google-appengine?hl=en.
