In the last three days (or I should probably say evenings) I was working on an app for Android, specifically the part which logs in to my Google App Engine app with Client Login. It was an interesting journey, and I thought that other people may be able to learn from my mistakes, so here it is:
For GAE, Client Login works like this:
- Get the Auth string from “https://www.google.com/accounts/ClientLogin” with a post
- Using the Auth string, get the cookie from “http://myapp.appspot.com/_ah/login” using the abovementioned auth string as a get param, (and add a “continue” param too)
- Use the cookie for subsequent calls
When I tried the second part, I got this:
500 Server Error
Error: Server Error
The server encountered an error and could not complete your request. If the problem persists, please report your problem and mention this error message and the query that caused it.
Someone showed me this: SyncProxy.java
So I inlined the get parameters, like in the code above, or this:
HttpGet get = new HttpGet("http://yourapp.appspot.com/_ah/login?continue=" + URLEncoder.encode("http://yourapp.appspot.com/") + "&auth="+auth.substring(5));
(Where auth is the String from the first request, starting with: “Auth:”)
And it was working.
A few other possible pitfalls I’ve seen:
- If the first url is wrong (should be: https://www.google.com/accounts/ClientLogin) you will get cookies in the reply, a well known one is “PREF=ID=..”
- The information that you send in should be the body of the “post” call for the first request, and “get” parameters in the second.
- The Auth string from the first call comes back as content (in the body), not as header/cookie
- For the second call, it’s better to turn off redirect following
- You don’t need a CookieManager to capture the cookie. You can just look for “Set-Cookie” in the headers
- You can send the cookie as a “Cookie” header field, containing the same content.
- The expiry date of the cookie depends on your GAE app settings. The default is one day, you can change it to 1 or 2 weeks.