Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Using GAE users service - can't get "sign-in as a different user"

Tags:

python

cookies

django

openid

google-app-engine

I'm using the GAE users service for login/logout mechanism, with create_login_url, etc, and it all works fine. BTW, I use the federated OpenID option.

But I have one problem - since the users service checks with user=users.get_current_user() then if a user is logged in to his gmail, it automatically logs him into my service. This is OK, but what if a different user wants to login? how can I redirect the user to a page such as the "sign in as a different user"?

I tried to remove the cookie I'm creating, and it gets removed:

  if not (self.request.cookies.has_key('ACSID')):
        logging.debug('no cookies')
        self.redirect(users.create_login_url(self.request.uri))
        return

then I see the log for "no cookies", but the next thing happens is that it logs the user in, without putting him on the "google accounts" login page... So the user never have the opportunity to login as a different user.

Any idea?

like image 982
Lior Frenkel Avatar asked Dec 12 '25 22:12

Lior Frenkel

1 Answers

Best I can think of is; you could try showing a link to /_ah/login_required which will trigger the OpenID signin page and (hopefully) also contain a "sign in as someone else" button.

This doesn't fully solve the issue, as the problem is complicated by multiple openid providers.

It's not possible to force someone to sign out of their provider's site AFAIK.

Full example of creating the login/this-is-not-me page:

Add a login path to your app.yaml

- url: /_ah/login_required
  script: app.py

Create an OpenID login handler to create a relevent login url

class OpenIDHandler(webapp.RequestHandler):
    def get(self):
        """Begins the OpenID flow/Google Apps discovery"""
        self.redirect(users.create_login_url(
            dest_url='http://yourappid.appspot.com',
            _auth_domain=None,
            federated_identity=self.request.get('domain')))

Add an OpenID handler to your wgsi app (probably main.py):

def main():
    ROUTES = [
        ('/_ah/login_required',      handlers.OpenIDHandler),
    ]
    application = webapp.WSGIApplication(ROUTES, debug=True)
    util.run_wsgi_app(application)
if __name__ == '__main__':
  main()

Now you can visit /_ah/login_required whenever you want someone to be prompted with the login (or 'this is not me' page)

like image 114
Chris Farmiloe Avatar answered Dec 14 '25 13:12

Chris Farmiloe
Sign in to Comment

Related questions

Keep only characters in between two hyphens from a dataframe cell which has comma separated list
Streamlit : How to reload a page using a button and storing previous informations after each click
How to implement comprehension in a class
Beautiful Soup not working on this website
Detect keyboard input with support of other languages from English
Batch import repositories to gitlab (self-hosted)
How to import `displayHTML` in DataBricks?
final annotation and decorator in python3.8
Pytorch - Concatenating Datasets before using Dataloader
Timeout within session while sending requests
Why won't pytest use pyproject.toml for this deprecation warning

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!