I'm developing a web app that (through the magic of "manifest.json" and
some Safari-equivalent "meta" tags) can be added to a user's "home screen"
on his mobile phone. If you're not familiar with it, basically the browser
(Chrome and Safari right now) will allow you to make a website more
app-like by adding it to the phone's home screen with an icon and none of
the browser decorations (location bar, back button, etc.).
Anyway, I'm using the stock Google App Engine authentication system to sign
the users in. To keep things tidy, no pages *require* authentication; the
JSON REST API handles appropriate permissions and such based on App
Engine's idea of who has signed in (the "getCurrentUser" method of the
"UserService" class in Java, for example). When I want to sign the user
in, I open a window using the "login URL" using "window.open()" (the "login
URL" is provided by the "createLoginURL" method of the "UserService"
instance in the Java API). The login URL redirects (once logged in) to a
simple page that performs a "window.close()" to close the sign-in window
and return the user to the app (which detects the "closed" state of the
window and attempts to refresh its state appropriately).
When I do this on my desktop, I get a new tab to open with the Google
account picker screen; I sign in; the tab closes. This is as expected.
When I do this on Android, I get a new tab quickly, but then it closes, and
I am asked how I want to open the URL (Chrome, other apps, etc.) (as if I
had just clicked on a link in a different app, for example). If I choose
Chrome, then I get a new tab with the Google account picker screen; I sign
in; the tab does not close (there is a console error about not being able
to call "window.close()" from a window that wasn't opened with
"window.open()"). So in Android, I see two strange things going on; the
sign-in page seems to close my new window and open one of its own somehow,
which is confusing and annoying.
This becomes a further problem on Android (as a "home screen" app).
Running as an "app", if I click the log-in button, the app is switched out
to Chrome; a tab is briefly opened and closed; and then the "Open with"
menu appears. I pick Chrome; log in successfully; and the window does not
close ("window.close()" thing above). So now I have to switch apps by to
my "home screen" app, and since the window that it created was closed by
the Google sign-in page, my app has already determined that I am not logged
in (since the "window.closed" detection happened before I even got an
account-picker page).
I should note that the "logOUT URL" works perfectly fine (same system:
"window.open()" to the logout URL with a redirect to a simple page that
performs "window.close()"); the "window.close()" is successful and
everything works exactly as I would expect. Ditto for Chrome "home screen"
logout: the app is switched out for Chrome; the user picks an account to
sign out from (I'm also confused about that, since you're only signed in
with one account, but whatever); and then the tab closes and the "home
screen" app is switched back in.
Also: on iOS (Safari) as a "home screen" app, the login process ends up
leaving the user with a blank screen (instead of closing or even showing
the contents of my simple page on redirect). I suspect that all these
things are related.
Does anyone have any idea what is going on with the "login URL" and why it
behaves that way?
And does anyone know why the "logout URL" asks the user to choose an
account on mobile (but not desktop; it just logs me out and redirects me on
desktop)?
--
You received this message because you are subscribed to the Google Groups
"Google App Engine" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to google-appengine+unsubscr...@googlegroups.com.
To post to this group, send email to google-appengine@googlegroups.com.
Visit this group at http://groups.google.com/group/google-appengine.
To view this discussion on the web visit
https://groups.google.com/d/msgid/google-appengine/7dc20405-20bc-4df9-9d69-41d38e10cc3a%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
