Re: [google-appengine] Re: gcloud beta logging read creates huge log files in .config

[Julian Bunn]

Isn't the qualifier for the beta logging read command --verbosity (not
--severity)?

gcloud beta logging read --limit=1 --verbosity=none

However, when this is used it still produces a log in the ~/.config
directory that contains all log level entries, including "INFO" level.

Perhaps I have misunderstood what you are suggesting?

(We are already running cron jobs to process our logs.)









On Wed, Apr 12, 2017 at 1:53 PM, 'George (Cloud Platform Support)' via
Google App Engine  wrote:

> As a first approach, you may try using the --severity=SEVERITY flag, or
> filter the read entries by using --limit=LIMIT, all this to diminish from
> start the general volume of logs.
>
> You may also consider implementing a cron job in Linux, to avoid having to
> delete unwanted files manually.
>
> --
> You received this message because you are subscribed to a topic in the
> Google Groups "Google App Engine" group.
> To unsubscribe from this topic, visit https://groups.google.com/d/
> topic/google-appengine/8jY242lvAHk/unsubscribe.
> To unsubscribe from this group and all its topics, send an email to
> google-appengine+unsubscr...@googlegroups.com.
> To post to this group, send email to google-appengine@googlegroups.com.
> Visit this group at https://groups.google.com/group/google-appengine.
> To view this discussion on the web visit https://groups.google.com/d/
> msgid/google-appengine/7d05734a-b3d7-45bf-ab9d-
> 1ef9a6eb9231%40googlegroups.com
> 
> .
>
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Google App Engine" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to google-appengine+unsubscr...@googlegroups.com.
To post to this group, send email to google-appengine@googlegroups.com.
Visit this group at https://groups.google.com/group/google-appengine.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/google-appengine/CAAxkZQuaFqcA6CKcmg7Y3aPE%2BRLs_c69jjfLhzFR_kmUtz5peg%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [google-appengine] Re: gcloud beta logging read creates huge log files in .config

[Julian Bunn]

Thanks for the info. We have no use for the gcloud beta logging tool's log
files, and would like to disable them.

Right now we are simply deleting them after the command terminates, but we
would like to avoid such a heavyweight approach, not to mention the
considerable I/O load they cause to our storage.

We are downloading the logs from our GAE application to our own archive
server: we do not use Google's storage buckets for that.

On Fri, Apr 7, 2017 at 1:55 PM, 'George (Cloud Platform Support)' via
Google App Engine  wrote:

> This is intended behavior: "The gcloud tool creates and stores logs in a
> log file that you can query, located at $HOME/.config/gcloud/logs. ", as
> documented at "Tips, Troubleshooting, & Known Issues
> ".
>
> Do you use the logs in the ~/.config/gcloud/logs directory in any way?
>
> Do you export logs with the beta command to one of your storage buckets?
>
> --
> You received this message because you are subscribed to a topic in the
> Google Groups "Google App Engine" group.
> To unsubscribe from this topic, visit https://groups.google.com/d/
> topic/google-appengine/8jY242lvAHk/unsubscribe.
> To unsubscribe from this group and all its topics, send an email to
> google-appengine+unsubscr...@googlegroups.com.
> To post to this group, send email to google-appengine@googlegroups.com.
> Visit this group at https://groups.google.com/group/google-appengine.
> To view this discussion on the web visit https://groups.google.com/d/
> msgid/google-appengine/4a6b5b95-afbd-4cbe-8fde-
> 86380ca70759%40googlegroups.com
> 
> .
>
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Google App Engine" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to google-appengine+unsubscr...@googlegroups.com.
To post to this group, send email to google-appengine@googlegroups.com.
Visit this group at https://groups.google.com/group/google-appengine.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/google-appengine/CAAxkZQu%3DW%3D%3DVO5CVjAT1CY_X8SDYfwOPiOVMq6ySFUEntKprGQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [google-appengine] Re: gcloud beta logging read creates huge log files in .config

[Julian Bunn]

Hello,

The size of the files in the ~/.config subdir appear to scale with the
number of logs downloaded by the gcloud tool.

We are downloading a day's worth of logs at a time, for a busy application
which produces around 750k log entries per day.

(Downloading this many log entries takes at least 10 hours with the gcloud
tool, which is another problem entirely!)

Right now I am simply deleting the log files created in the .config subdir,
after our download job finishes, but this is a rather crude fix!

Thanks,
Julian

On Thu, Apr 6, 2017 at 1:58 PM, 'George (Cloud Platform Support)' via
Google App Engine  wrote:

> Hello Julian,
>
> We could not reproduce the issue locally. The files in our linux machine’s
> ~/.config/gcloud/logs directory are reasonably small.
>
> You may attempt to reduce the size of your file by applying filtering more
> aggressively. Details on filter setup are to be found on the “Command Line
> Interface” documentation page
> .
>
> Hoping this is of help to you, I remain at your disposal for related
> questions.
>
> --
> You received this message because you are subscribed to a topic in the
> Google Groups "Google App Engine" group.
> To unsubscribe from this topic, visit https://groups.google.com/d/
> topic/google-appengine/8jY242lvAHk/unsubscribe.
> To unsubscribe from this group and all its topics, send an email to
> google-appengine+unsubscr...@googlegroups.com.
> To post to this group, send email to google-appengine@googlegroups.com.
> Visit this group at https://groups.google.com/group/google-appengine.
> To view this discussion on the web visit https://groups.google.com/d/
> msgid/google-appengine/ae255ffc-6ae9-47d0-afed-
> 428c65911c98%40googlegroups.com
> 
> .
>
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Google App Engine" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to google-appengine+unsubscr...@googlegroups.com.
To post to this group, send email to google-appengine@googlegroups.com.
Visit this group at https://groups.google.com/group/google-appengine.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/google-appengine/CAAxkZQtnhcvTU8c8-_6%3DZ1VD-6Mp%2BKKndF3vQ09Vqma7s%3Dn5ug%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

[google-appengine] gcloud beta logging read creates huge log files in .config

[Julian Bunn]

We are trying to migrate from request_logs to the "gcloud beta logging 
read" system.

When downloading logs using the beta command, we find that simultaneously 
there are large files being created in:

~/.config/gcloud/logs

For example, downloading logs for our GAE app from yesterday, we have the 
following file in ~/.config/gcloud/logs/2017.04.05

 12293554288 Apr  5 10:41 01.00.02.690250.log

The file contains entries like this:

2017-04-05 10:35:02,227 INFO ___FILE_ONLY___   
2017-04-05 10:35:02,228 INFO ___FILE_ONLY___ responseSize
2017-04-05 10:35:02,228 INFO ___FILE_ONLY___ :
2017-04-05 10:35:02,228 INFO ___FILE_ONLY___  '
2017-04-05 10:35:02,228 INFO ___FILE_ONLY___ 76
2017-04-05 10:35:02,228 INFO ___FILE_ONLY___ '
2017-04-05 10:35:02,228 INFO ___FILE_ONLY___ 


How can we prevent the creation of this file when using the beta logging 
command, or at least reduce its size?

Thanks!



 


-- 
You received this message because you are subscribed to the Google Groups 
"Google App Engine" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to google-appengine+unsubscr...@googlegroups.com.
To post to this group, send email to google-appengine@googlegroups.com.
Visit this group at https://groups.google.com/group/google-appengine.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/google-appengine/bf1a5843-c358-42ec-9f3d-b238a106368b%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [google-appengine] Re: Error when using google.cloud.logging with logging.v1.RequestLog?

[Julian Bunn]

Hi Nick,

Thanks - I had just started doing exactly what you suggest! :-)

I crave your indulgence on one other issue ... when I run a gcloud beta
logging command with a LOG_FILTER clause on a Unix system, it works fine.
For example:

 gcloud beta logging read 'timestamp<="2017-03-23T00:00:00Z" AND
timestamp>="2017-03-22T00:00:00Z"' --limit=2

However, on Windows, the exact same command doesn't work - I suspect the
single and double quotes are part of the problem:

 gcloud beta logging read 'timestamp<="2017-03-23T00:00:00Z" AND
timestamp>="2017-03-22T00:00:00Z"' --limit=2
The filename, directory name, or volume label syntax is incorrect.

(A simple "gcloud beta logging read" works just fine on Windows.)

I've tried various ways of escaping the quotes, but nothing appears to work.

Should I post this on StackOverflow?




On Wed, Mar 29, 2017 at 12:37 PM, 'Nick (Cloud Platform Support)' via
Google App Engine <google-appengine@googlegroups.com> wrote:

> Hey Julian,
>
> You have two options here: either to wait for the google.cloud library to
> get support for V1 logs, or adopt a slightly different approach to writing
> the python script. You could use the python subprocess
> <https://docs.python.org/2/library/subprocess.html> module to call the
> gcloud command (keeping in mind that this is part of the beta command
> group, which can change on updates without warning (the only warning being
> the release notes)), sending the output into a string, and then parsing the
> entries that way. This, while it would mean you'd have your logs in a
> python environment (with all the leverage that brings) however would not
> use the google.cloud library.
>
> Cheers,
>
> Nick
> Cloud Platform Community Support
>
> On Tuesday, March 28, 2017 at 5:51:54 PM UTC-4, Julian Bunn wrote:
>>
>> Thanks, Nick!
>>
>> I confirm that the command "gcloud beta logging read" retrieves our logs!
>> So this looks very promising ...
>>
>> Is there a way to call this interface similarly to:
>>
>> from google.cloud import logging
>> from google.cloud.logging import DESCENDING
>> def main():
>> client = logging.Client()
>> for entry in client.list_entries(order_by=DESCENDING):
>> print entry
>> if __name__ == '__main__':
>> main()
>>
>>
>>
>> On Tue, Mar 28, 2017 at 12:39 PM, 'Nick (Cloud Platform Support)' via
>> Google App Engine <google-appengine@googlegroups.com> wrote:
>>
>>> Hey Julian,
>>>
>>> I've observed the identical error when using the filter
>>> 'resource.type="gae_app" AND resource.labels.module_id="default"',
>>> where I'd deployed a standard environment app on "default".
>>>
>>> It appears this is caused by the fact that the standard environment
>>> doesn't log to Stackdriver v2 logging, as you observed. The docs show all
>>> v2 endpoints are what the library interfaces with. Nonetheless, it should
>>> be able to read V1 type logs as well, or at least we can consider this a
>>> feature request.
>>>
>>> In the meantime, the following command pattern can be used, presenting
>>> no problem with V1 logs:
>>>
>>> gcloud beta logging read ${LOG_FILTER}
>>>
>>>
>>> I've created a Public Issue Tracker issue
>>> <https://b.corp.google.com/issues/36687054> which you can follow while
>>> we work on this.
>>>
>>> Cheers,
>>>
>>> Nick
>>> Cloud Platform Community Support
>>>
>>> On Monday, March 27, 2017 at 3:14:13 PM UTC-4, Julian Bunn wrote:
>>>>
>>>> Hi Nick,
>>>>
>>>> Thanks ... I do try StackOverflow from time to time for these sorts of
>>>> technical issues, but have very limited success. Perhaps I'm using bad
>>>> tags. See for example a logging related question I posted there on Friday
>>>> about JSON credentials for logging https://stackoverflow.
>>>> com/questions/43004904/accessing-gae-log-files-using-google-
>>>> cloud-logging-python
>>>>
>>>> Regarding the v1.RequestLog error that's the topic of this thread: we
>>>> do not use StackDriver logging in our GAE deployment, so I wonder whether
>>>> cloud.logging only supports StackDriver logs?
>>>>
>>>> Otherwise, I am at a loss as to why google.cloud.logging can't
>>>> understand the log format it fetches from our GAE deployment?
>>>>
>>>> We've now been without access to our l

Re: [google-appengine] Re: Error when using google.cloud.logging with logging.v1.RequestLog?

[Julian Bunn]

Thanks, Nick!

I confirm that the command "gcloud beta logging read" retrieves our logs!
So this looks very promising ...

Is there a way to call this interface similarly to:

from google.cloud import logging
from google.cloud.logging import DESCENDING
def main():
client = logging.Client()
for entry in client.list_entries(order_by=DESCENDING):
print entry
if __name__ == '__main__':
main()



On Tue, Mar 28, 2017 at 12:39 PM, 'Nick (Cloud Platform Support)' via
Google App Engine <google-appengine@googlegroups.com> wrote:

> Hey Julian,
>
> I've observed the identical error when using the filter
> 'resource.type="gae_app" AND resource.labels.module_id="default"', where
> I'd deployed a standard environment app on "default".
>
> It appears this is caused by the fact that the standard environment
> doesn't log to Stackdriver v2 logging, as you observed. The docs show all
> v2 endpoints are what the library interfaces with. Nonetheless, it should
> be able to read V1 type logs as well, or at least we can consider this a
> feature request.
>
> In the meantime, the following command pattern can be used, presenting no
> problem with V1 logs:
>
> gcloud beta logging read ${LOG_FILTER}
>
>
> I've created a Public Issue Tracker issue
> <https://b.corp.google.com/issues/36687054> which you can follow while we
> work on this.
>
> Cheers,
>
> Nick
> Cloud Platform Community Support
>
> On Monday, March 27, 2017 at 3:14:13 PM UTC-4, Julian Bunn wrote:
>>
>> Hi Nick,
>>
>> Thanks ... I do try StackOverflow from time to time for these sorts of
>> technical issues, but have very limited success. Perhaps I'm using bad
>> tags. See for example a logging related question I posted there on Friday
>> about JSON credentials for logging https://stackoverflow.
>> com/questions/43004904/accessing-gae-log-files-using-google-
>> cloud-logging-python
>>
>> Regarding the v1.RequestLog error that's the topic of this thread: we do
>> not use StackDriver logging in our GAE deployment, so I wonder whether
>> cloud.logging only supports StackDriver logs?
>>
>> Otherwise, I am at a loss as to why google.cloud.logging can't understand
>> the log format it fetches from our GAE deployment?
>>
>> We've now been without access to our log data for almost a week, so I'm
>> getting quite desperate to find a solution either with request_logs or
>> cloud.logging :-)
>>
>> Thanks for your help.
>>
>> Julian
>>
>>
>>
>>
>> On Mon, Mar 27, 2017 at 11:58 AM, 'Nick (Cloud Platform Support)' via
>> Google App Engine <google-appengine@googlegroups.com> wrote:
>>
>>> Hey Julian,
>>>
>>> I've been able just now to run the same code fine. What might you mean
>>> by "the type of logging we use on GAE"? Are you doing anything particularly
>>> odd there?
>>>
>>> It's worth mentioning here that this forum isn't meant for technical
>>> support but rather for general discussion of the platform, services, design
>>> patterns, etc. This question should have been posted to
>>> stackoverflow.com on a relevant Cloud Platform / App Engine tag. We
>>> monitor Stack Overflow regularly, so we'll be able to answer there,
>>> although we can perhaps help debug this a little here before you move to
>>> post there.
>>>
>>> Cheers,
>>>
>>> Nick
>>> Cloud Platform Community Support
>>>
>>>
>>> On Monday, March 27, 2017 at 12:25:45 PM UTC-4, Julian Bunn wrote:
>>>>
>>>> Right now we cannot use the request_logs feature for downloading our
>>>> GAE logs (see my other thread on that problem!), so I thought I would try
>>>> the newer google.cloud features, and get modern :-)
>>>>
>>>> Here is the simple test I tried:
>>>>
>>>> from google.cloud import logging
>>>> from google.cloud.logging import DESCENDING
>>>> def main():
>>>> client = logging.Client()
>>>> for entry in client.list_entries(order_by=DESCENDING):
>>>> print entry
>>>> if __name__ == '__main__':
>>>> main()
>>>>
>>>> When executing this (after setting up the gcloud credentials), there
>>>> seems to be a problem parsing the log entries:
>>>>
>>>> python GetLogsCloud.py
>>>> Traceback (most recent call last):
>>>>   File "GetLogsCloud.py", line 25, in 
>>>> main()
>

Re: [google-appengine] Re: Error when using google.cloud.logging with logging.v1.RequestLog?

[Julian Bunn]

Hi Nick,

Thanks ... I do try StackOverflow from time to time for these sorts of
technical issues, but have very limited success. Perhaps I'm using bad
tags. See for example a logging related question I posted there on Friday
about JSON credentials for logging
https://stackoverflow.com/questions/43004904/accessing-gae-log-files-using-google-cloud-logging-python

Regarding the v1.RequestLog error that's the topic of this thread: we do
not use StackDriver logging in our GAE deployment, so I wonder whether
cloud.logging only supports StackDriver logs?

Otherwise, I am at a loss as to why google.cloud.logging can't understand
the log format it fetches from our GAE deployment?

We've now been without access to our log data for almost a week, so I'm
getting quite desperate to find a solution either with request_logs or
cloud.logging :-)

Thanks for your help.

Julian




On Mon, Mar 27, 2017 at 11:58 AM, 'Nick (Cloud Platform Support)' via
Google App Engine <google-appengine@googlegroups.com> wrote:

> Hey Julian,
>
> I've been able just now to run the same code fine. What might you mean by
> "the type of logging we use on GAE"? Are you doing anything particularly
> odd there?
>
> It's worth mentioning here that this forum isn't meant for technical
> support but rather for general discussion of the platform, services, design
> patterns, etc. This question should have been posted to stackoverflow.com
> on a relevant Cloud Platform / App Engine tag. We monitor Stack Overflow
> regularly, so we'll be able to answer there, although we can perhaps help
> debug this a little here before you move to post there.
>
> Cheers,
>
> Nick
> Cloud Platform Community Support
>
>
> On Monday, March 27, 2017 at 12:25:45 PM UTC-4, Julian Bunn wrote:
>>
>> Right now we cannot use the request_logs feature for downloading our GAE
>> logs (see my other thread on that problem!), so I thought I would try the
>> newer google.cloud features, and get modern :-)
>>
>> Here is the simple test I tried:
>>
>> from google.cloud import logging
>> from google.cloud.logging import DESCENDING
>> def main():
>> client = logging.Client()
>> for entry in client.list_entries(order_by=DESCENDING):
>> print entry
>> if __name__ == '__main__':
>> main()
>>
>> When executing this (after setting up the gcloud credentials), there
>> seems to be a problem parsing the log entries:
>>
>> python GetLogsCloud.py
>> Traceback (most recent call last):
>>   File "GetLogsCloud.py", line 25, in 
>> main()
>>   File "GetLogsCloud.py", line 18, in main
>> for entry in client.list_entries(order_by=DESCENDING):
>>   File "c:\python27\lib\site-packages\google\cloud\iterator.py", line
>> 219, in _items_iter
>> for item in page:
>>   File "c:\python27\lib\site-packages\google\cloud\iterator.py", line
>> 163, in next
>> result = self._item_to_value(self._parent, item)
>>   File "c:\python27\lib\site-packages\google\cloud\logging\_gax.py",
>> line 488, in _item_to_entry
>> resource = MessageToDict(entry_pb)
>>   File "c:\python27\lib\site-packages\google\protobuf\json_format.py",
>> line 133, in MessageToDict
>> return printer._MessageToJsonObject(message)
>>   File "c:\python27\lib\site-packages\google\protobuf\json_format.py",
>> line 164, in _MessageToJsonObject
>> return self._RegularMessageToJsonObject(message, js)
>>   File "c:\python27\lib\site-packages\google\protobuf\json_format.py",
>> line 196, in _RegularMessageToJsonObject
>> js[name] = self._FieldToJsonObject(field, value)
>>   File "c:\python27\lib\site-packages\google\protobuf\json_format.py",
>> line 230, in _FieldToJsonObject
>> return self._MessageToJsonObject(value)
>>   File "c:\python27\lib\site-packages\google\protobuf\json_format.py",
>> line 162, in _MessageToJsonObject
>> return methodcaller(_WKTJSONMETHODS[full_name][0], message)(self)
>>   File "c:\python27\lib\site-packages\google\protobuf\json_format.py",
>> line 266, in _AnyMessageToJsonObject
>> sub_message = _CreateMessageFromTypeUrl(type_url)
>>   File "c:\python27\lib\site-packages\google\protobuf\json_format.py",
>> line 341, in _CreateMessageFromTypeUrl
>> 'Can not find message descriptor by type_url: {0}.'.format(type_url))
>> TypeError: Can not find message descriptor by type_url:
>> type.googleapis.com/google.appengine.logging.v1.RequestLog.
>>
>> I'm wondering what the issue is here ... is it because of the type of
>>

[google-appengine] Error when using google.cloud.logging with logging.v1.RequestLog?

[Julian Bunn]

Right now we cannot use the request_logs feature for downloading our GAE 
logs (see my other thread on that problem!), so I thought I would try the 
newer google.cloud features, and get modern :-)

Here is the simple test I tried:

from google.cloud import logging
from google.cloud.logging import DESCENDING
def main():
client = logging.Client() 
for entry in client.list_entries(order_by=DESCENDING):
print entry
if __name__ == '__main__':
main()

When executing this (after setting up the gcloud credentials), there seems 
to be a problem parsing the log entries:

python GetLogsCloud.py
Traceback (most recent call last):
  File "GetLogsCloud.py", line 25, in 
main()
  File "GetLogsCloud.py", line 18, in main
for entry in client.list_entries(order_by=DESCENDING):
  File "c:\python27\lib\site-packages\google\cloud\iterator.py", line 219, 
in _items_iter
for item in page:
  File "c:\python27\lib\site-packages\google\cloud\iterator.py", line 163, 
in next
result = self._item_to_value(self._parent, item)
  File "c:\python27\lib\site-packages\google\cloud\logging\_gax.py", line 
488, in _item_to_entry
resource = MessageToDict(entry_pb)
  File "c:\python27\lib\site-packages\google\protobuf\json_format.py", line 
133, in MessageToDict
return printer._MessageToJsonObject(message)
  File "c:\python27\lib\site-packages\google\protobuf\json_format.py", line 
164, in _MessageToJsonObject
return self._RegularMessageToJsonObject(message, js)
  File "c:\python27\lib\site-packages\google\protobuf\json_format.py", line 
196, in _RegularMessageToJsonObject
js[name] = self._FieldToJsonObject(field, value)
  File "c:\python27\lib\site-packages\google\protobuf\json_format.py", line 
230, in _FieldToJsonObject
return self._MessageToJsonObject(value)
  File "c:\python27\lib\site-packages\google\protobuf\json_format.py", line 
162, in _MessageToJsonObject
return methodcaller(_WKTJSONMETHODS[full_name][0], message)(self)
  File "c:\python27\lib\site-packages\google\protobuf\json_format.py", line 
266, in _AnyMessageToJsonObject
sub_message = _CreateMessageFromTypeUrl(type_url)
  File "c:\python27\lib\site-packages\google\protobuf\json_format.py", line 
341, in _CreateMessageFromTypeUrl
'Can not find message descriptor by type_url: {0}.'.format(type_url))
TypeError: Can not find message descriptor by type_url: 
type.googleapis.com/google.appengine.logging.v1.RequestLog.

I'm wondering what the issue is here ... is it because of the type of 
logging we use on GAE?

Thanks!

-- 
You received this message because you are subscribed to the Google Groups 
"Google App Engine" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to google-appengine+unsubscr...@googlegroups.com.
To post to this group, send email to google-appengine@googlegroups.com.
Visit this group at https://groups.google.com/group/google-appengine.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/google-appengine/67b5422c-6e56-48e5-84d5-545df3341849%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[google-appengine] Re: request_logs GAE authentication stopped working

[Julian Bunn]

Hi Staffan,

Thanks for this suggestion - I tried it, but it didn't appear to make any 
difference. Can you tell me where you saw this issue of expired 
certificates talked out?

It looks to me as if there is something wrong with the oauth2 handling of 
the token refresh from request_logs on the Google servers? I'm wondering if 
it's related to the fact we don't use StackDriver logging, and the push 
seems to be towards that?

Julian

On Sunday, March 26, 2017 at 1:24:40 PM UTC-7, Staffan Rolfsson wrote:
>
> Hi, I got problems to deploy on 1.9.51 (updated from 1.9.48),
> and after some googling I found that it was due to expired certificates.
> Could this be a similiar problem?
> It was easy to fix on your own (as we wait for official fix?),
> - in SDK choose menu>> File>> Open SDK in explorer
> - open lib/cacerts folder
> - rename urlfetch_cacerts.txt to urlfetch_cacerts.old.txt
> - rename caccerts.txt to  urlfetch_cacerts.txt 
> - try again
> :)
> /Staffan
>
> On Friday, March 24, 2017 at 7:50:32 PM UTC+1, Julian Bunn wrote:
>>
>> Hi Nick!
>>
>> It's still occurring as of one minute ago ... using release 1.9.50
>>
>> Julian
>>
>> On Friday, March 24, 2017 at 11:41:47 AM UTC-7, Nick (Cloud Platform 
>> Support) wrote:
>>>
>>> Hey Julian,
>>>
>>> What version of the SDK are you using? And is this still occurring?
>>>
>>> Cheers,
>>>
>>> Nick
>>> Cloud Platform Community Support
>>>
>>> On Friday, March 24, 2017 at 1:14:26 PM UTC-4, Julian Bunn wrote:
>>>>
>>>> We have a process that uses the request_logs feature to download logs 
>>>> from our GAE app for archival. This has stopped working unexpectedly in 
>>>> the 
>>>> last couple of days, apparently due to an oauth2 authentication issue. I'm 
>>>> not sure if this is a problem at our end, or on the GAE side, and I'm 
>>>> struggling to debug it.
>>>>
>>>> My understanding is that when the oauth2 token has expired, it is 
>>>> refreshed automatically, but that process appears to fail.
>>>>
>>>> Here is what the logs downloader process log shows:
>>>>
>>>> python2.7 request_logs.py
>>>> 2017-03-24 08:55:05,739 INFO root: Recovered sentinel with 
>>>> timestamp: 2017-03-22 09:39:59-07:00
>>>> 08:55 AM Host: appengine.google.com
>>>> 08:55 AM Downloading request logs for app my-gae-service version 4.
>>>> 2017-03-24 08:55:05,757 INFO root: Request with offset None.
>>>> 2017-03-24 08:55:05,757 INFO oauth2client.client: access_token is 
>>>> expired. Now: 2017-03-24 15:55:05.757671, token_expiry: 2017-03-23 23:54:13
>>>> 2017-03-24 08:55:05,757 DEBUGgoogle.appengine.tools.appengine_rpc: 
>>>> _Authenticate skipped auth; needs_auth=False
>>>> 2017-03-24 08:55:05,757 DEBUGgoogle.appengine.tools.appengine_rpc: 
>>>> Sending request to 
>>>> https://appengine.google.com/api/request_logs?app_id=my-gae-service_all=True_vhost=False=1000_header=1=1=4
>>>>  
>>>> headers={'X-appcfg-api-version': '1'} body=
>>>> 2017-03-24 08:55:05,890 DEBUGgoogle.appengine.tools.appengine_rpc: 
>>>> Got http error 401.
>>>> 2017-03-24 08:55:05,890 DEBUGgoogle.appengine.tools.appengine_rpc: 
>>>> Attempting to auth. This is try 1 of 3.
>>>> 2017-03-24 08:55:05,890 INFO oauth2client.client: access_token is 
>>>> expired. Now: 2017-03-24 15:55:05.890322, token_expiry: 2017-03-23 23:54:13
>>>> 2017-03-24 08:55:05,890 DEBUGgoogle.appengine.tools.appengine_rpc: 
>>>> _Authenticate configuring auth; needs_auth=True
>>>> 2017-03-24 08:55:05,890 DEBUGgoogle.appengine.tools.appengine_rpc: 
>>>> Sending request to 
>>>> https://appengine.google.com/api/request_logs?app_id=my-gae-service_all=True_vhost=False=1000_header=1=1=4
>>>>  
>>>> headers={'X-appcfg-api-version': '1'} body=
>>>> 2017-03-24 08:55:05,974 INFO oauth2client.client: Refreshing due to 
>>>> a 401 (attempt 1/2)
>>>> 2017-03-24 08:55:05,975 INFO oauth2client.client: Refreshing 
>>>> access_token
>>>> 2017-03-24 08:55:08,761 DEBUGgoogle.appengine.tools.appengine_rpc: 
>>>> Got http error 500.
>>>> 2017-03-24 08:55:08,761 DEBUGgoogle.appengine.tools.appengine_rpc: 
>>>> Retrying. This is attempt 1 of 3.
>>>> 2017-03-24 08:55:08,761 DEBUGgoogle.appengin

[google-appengine] Re: request_logs GAE authentication stopped working

[Julian Bunn]

Hi Nick!

It's still occurring as of one minute ago ... using release 1.9.50

Julian

On Friday, March 24, 2017 at 11:41:47 AM UTC-7, Nick (Cloud Platform 
Support) wrote:
>
> Hey Julian,
>
> What version of the SDK are you using? And is this still occurring?
>
> Cheers,
>
> Nick
> Cloud Platform Community Support
>
> On Friday, March 24, 2017 at 1:14:26 PM UTC-4, Julian Bunn wrote:
>>
>> We have a process that uses the request_logs feature to download logs 
>> from our GAE app for archival. This has stopped working unexpectedly in the 
>> last couple of days, apparently due to an oauth2 authentication issue. I'm 
>> not sure if this is a problem at our end, or on the GAE side, and I'm 
>> struggling to debug it.
>>
>> My understanding is that when the oauth2 token has expired, it is 
>> refreshed automatically, but that process appears to fail.
>>
>> Here is what the logs downloader process log shows:
>>
>> python2.7 request_logs.py
>> 2017-03-24 08:55:05,739 INFO root: Recovered sentinel with 
>> timestamp: 2017-03-22 09:39:59-07:00
>> 08:55 AM Host: appengine.google.com
>> 08:55 AM Downloading request logs for app my-gae-service version 4.
>> 2017-03-24 08:55:05,757 INFO root: Request with offset None.
>> 2017-03-24 08:55:05,757 INFO oauth2client.client: access_token is 
>> expired. Now: 2017-03-24 15:55:05.757671, token_expiry: 2017-03-23 23:54:13
>> 2017-03-24 08:55:05,757 DEBUGgoogle.appengine.tools.appengine_rpc: 
>> _Authenticate skipped auth; needs_auth=False
>> 2017-03-24 08:55:05,757 DEBUGgoogle.appengine.tools.appengine_rpc: 
>> Sending request to 
>> https://appengine.google.com/api/request_logs?app_id=my-gae-service_all=True_vhost=False=1000_header=1=1=4
>>  
>> headers={'X-appcfg-api-version': '1'} body=
>> 2017-03-24 08:55:05,890 DEBUGgoogle.appengine.tools.appengine_rpc: 
>> Got http error 401.
>> 2017-03-24 08:55:05,890 DEBUGgoogle.appengine.tools.appengine_rpc: 
>> Attempting to auth. This is try 1 of 3.
>> 2017-03-24 08:55:05,890 INFO oauth2client.client: access_token is 
>> expired. Now: 2017-03-24 15:55:05.890322, token_expiry: 2017-03-23 23:54:13
>> 2017-03-24 08:55:05,890 DEBUGgoogle.appengine.tools.appengine_rpc: 
>> _Authenticate configuring auth; needs_auth=True
>> 2017-03-24 08:55:05,890 DEBUGgoogle.appengine.tools.appengine_rpc: 
>> Sending request to 
>> https://appengine.google.com/api/request_logs?app_id=my-gae-service_all=True_vhost=False=1000_header=1=1=4
>>  
>> headers={'X-appcfg-api-version': '1'} body=
>> 2017-03-24 08:55:05,974 INFO oauth2client.client: Refreshing due to a 
>> 401 (attempt 1/2)
>> 2017-03-24 08:55:05,975 INFO oauth2client.client: Refreshing 
>> access_token
>> 2017-03-24 08:55:08,761 DEBUGgoogle.appengine.tools.appengine_rpc: 
>> Got http error 500.
>> 2017-03-24 08:55:08,761 DEBUGgoogle.appengine.tools.appengine_rpc: 
>> Retrying. This is attempt 1 of 3.
>> 2017-03-24 08:55:08,761 DEBUGgoogle.appengine.tools.appengine_rpc: 
>> _Authenticate configuring auth; needs_auth=True
>> 2017-03-24 08:55:08,761 DEBUGgoogle.appengine.tools.appengine_rpc: 
>> Sending request to 
>> https://appengine.google.com/api/request_logs?app_id=my-gae-service_all=True_vhost=False=1000_header=1=1=4
>>  
>> headers={'X-appcfg-api-version': '1'} body=
>> 2017-03-24 08:55:09,644 DEBUGgoogle.appengine.tools.appengine_rpc: 
>> Got http error 500.
>> 2017-03-24 08:55:09,644 DEBUGgoogle.appengine.tools.appengine_rpc: 
>> Retrying. This is attempt 2 of 3.
>> 2017-03-24 08:55:09,644 DEBUGgoogle.appengine.tools.appengine_rpc: 
>> _Authenticate configuring auth; needs_auth=True
>> 2017-03-24 08:55:09,644 DEBUGgoogle.appengine.tools.appengine_rpc: 
>> Sending request to 
>> https://appengine.google.com/api/request_logs?app_id=my-gae-service_all=True_vhost=False=1000_header=1=1=4
>>  
>> headers={'X-appcfg-api-version': '1'} body=
>> 2017-03-24 08:55:10,598 DEBUGgoogle.appengine.tools.appengine_rpc: 
>> Got http error 500.
>> 2017-03-24 08:55:10,598 DEBUGgoogle.appengine.tools.appengine_rpc: 
>> Retrying. This is attempt 3 of 3.
>> 2017-03-24 08:55:10,598 INFO root: Too many retries for url 
>> https://appengine.google.com/api/request_logs?app_id=my-gae-service_all=True_vhost=False=1000_header=1=1=4
>> Error 500: --- begin server output ---
>>  
>>  
>> Server Error (500)
>>  
>> A server error has occurred.
>> --- end server output ---
>> 2017-03-24 08:55:10

[google-appengine] request_logs GAE authentication stopped working

[Julian Bunn]

We have a process that uses the request_logs feature to download logs from 
our GAE app for archival. This has stopped working unexpectedly in the last 
couple of days, apparently due to an oauth2 authentication issue. I'm not 
sure if this is a problem at our end, or on the GAE side, and I'm 
struggling to debug it.

My understanding is that when the oauth2 token has expired, it is refreshed 
automatically, but that process appears to fail.

Here is what the logs downloader process log shows:

python2.7 request_logs.py
2017-03-24 08:55:05,739 INFO root: Recovered sentinel with 
timestamp: 2017-03-22 09:39:59-07:00
08:55 AM Host: appengine.google.com
08:55 AM Downloading request logs for app my-gae-service version 4.
2017-03-24 08:55:05,757 INFO root: Request with offset None.
2017-03-24 08:55:05,757 INFO oauth2client.client: access_token is 
expired. Now: 2017-03-24 15:55:05.757671, token_expiry: 2017-03-23 23:54:13
2017-03-24 08:55:05,757 DEBUGgoogle.appengine.tools.appengine_rpc: 
_Authenticate skipped auth; needs_auth=False
2017-03-24 08:55:05,757 DEBUGgoogle.appengine.tools.appengine_rpc: 
Sending request to 
https://appengine.google.com/api/request_logs?app_id=my-gae-service_all=True_vhost=False=1000_header=1=1=4
 
headers={'X-appcfg-api-version': '1'} body=
2017-03-24 08:55:05,890 DEBUGgoogle.appengine.tools.appengine_rpc: Got 
http error 401.
2017-03-24 08:55:05,890 DEBUGgoogle.appengine.tools.appengine_rpc: 
Attempting to auth. This is try 1 of 3.
2017-03-24 08:55:05,890 INFO oauth2client.client: access_token is 
expired. Now: 2017-03-24 15:55:05.890322, token_expiry: 2017-03-23 23:54:13
2017-03-24 08:55:05,890 DEBUGgoogle.appengine.tools.appengine_rpc: 
_Authenticate configuring auth; needs_auth=True
2017-03-24 08:55:05,890 DEBUGgoogle.appengine.tools.appengine_rpc: 
Sending request to 
https://appengine.google.com/api/request_logs?app_id=my-gae-service_all=True_vhost=False=1000_header=1=1=4
 
headers={'X-appcfg-api-version': '1'} body=
2017-03-24 08:55:05,974 INFO oauth2client.client: Refreshing due to a 
401 (attempt 1/2)
2017-03-24 08:55:05,975 INFO oauth2client.client: Refreshing 
access_token
2017-03-24 08:55:08,761 DEBUGgoogle.appengine.tools.appengine_rpc: Got 
http error 500.
2017-03-24 08:55:08,761 DEBUGgoogle.appengine.tools.appengine_rpc: 
Retrying. This is attempt 1 of 3.
2017-03-24 08:55:08,761 DEBUGgoogle.appengine.tools.appengine_rpc: 
_Authenticate configuring auth; needs_auth=True
2017-03-24 08:55:08,761 DEBUGgoogle.appengine.tools.appengine_rpc: 
Sending request to 
https://appengine.google.com/api/request_logs?app_id=my-gae-service_all=True_vhost=False=1000_header=1=1=4
 
headers={'X-appcfg-api-version': '1'} body=
2017-03-24 08:55:09,644 DEBUGgoogle.appengine.tools.appengine_rpc: Got 
http error 500.
2017-03-24 08:55:09,644 DEBUGgoogle.appengine.tools.appengine_rpc: 
Retrying. This is attempt 2 of 3.
2017-03-24 08:55:09,644 DEBUGgoogle.appengine.tools.appengine_rpc: 
_Authenticate configuring auth; needs_auth=True
2017-03-24 08:55:09,644 DEBUGgoogle.appengine.tools.appengine_rpc: 
Sending request to 
https://appengine.google.com/api/request_logs?app_id=my-gae-service_all=True_vhost=False=1000_header=1=1=4
 
headers={'X-appcfg-api-version': '1'} body=
2017-03-24 08:55:10,598 DEBUGgoogle.appengine.tools.appengine_rpc: Got 
http error 500.
2017-03-24 08:55:10,598 DEBUGgoogle.appengine.tools.appengine_rpc: 
Retrying. This is attempt 3 of 3.
2017-03-24 08:55:10,598 INFO root: Too many retries for url 
https://appengine.google.com/api/request_logs?app_id=my-gae-service_all=True_vhost=False=1000_header=1=1=4
Error 500: --- begin server output ---
 
 
Server Error (500)
 
A server error has occurred.
--- end server output ---
2017-03-24 08:55:10,599 INFO root: Downloaded 0 logs

Does anyone have any idea what may be wrong here? 

Thanks!


-- 
You received this message because you are subscribed to the Google Groups 
"Google App Engine" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to google-appengine+unsubscr...@googlegroups.com.
To post to this group, send email to google-appengine@googlegroups.com.
Visit this group at https://groups.google.com/group/google-appengine.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/google-appengine/162b53b1-0949-4b9c-8076-2aa982129894%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[google-appengine] Some instances running unreleased version of the App Engine SDK?

[Julian Bunn]

We noticed on Sep 15 and 16 (a couple of days ago) that some of our GAE 
instances were running version 1.9.27 of the SDK, rather than the released 
version 1.9.26.

(We coincidentally had several serious issues with our application.)

Could someone please advise on how this can happen, and what we can do to 
prevent it happening in the future (i.e. force instances to only run the 
latest production release of the SDK)? Is there an application setting 
somewhere?

I apologize if this is the wrong Group for such questions.

Many thanks!
Julian

-- 
You received this message because you are subscribed to the Google Groups 
"Google App Engine" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to google-appengine+unsubscr...@googlegroups.com.
To post to this group, send email to google-appengine@googlegroups.com.
Visit this group at http://groups.google.com/group/google-appengine.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/google-appengine/4ac6bcf5-9a32-40fe-ac5a-0886e4eceeb9%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [google-appengine] Some instances running unreleased version of the App Engine SDK?

[Julian Bunn]

Thanks, PK - I will take a look at the issue you filed and comment 
accordingly.

We suffered pretty major disruption to our application, and lost many hours 
of data, unfortunately. The symptoms were extra null fields in some 
Datastore objects, which caused storage of new uploaded data from clients 
to fail, and a greatly increased Error rate from our app. 

Julian



On Thursday, September 17, 2015 at 2:22:08 PM UTC-7, PK wrote:
>
> Hi Julian,
>
> Google routinely does this when they release a new runtime that they 
> believe it is backwards incompatible. It mostly works OK but I did 
> experience downtime for several hours on July 24th because a new version 
> was rolled out that had an issue. It was a Friday, I was in an 
> intercontinental flight without internet when the roll out happened and it 
> was a small disaster. Google did take the issue seriously when I finally 
> brought it to their attention but it took many hours to get back to stable 
> ground. 
>
> I think Google can do some things to improve this. First, it needs to pass 
> some control of when we upgrade the runtime to developers hands so the 
> world does not change suddenly and unexpectedly under our feet. 
> Furthermore, as they roll out new versions they should *automatically* 
> revert applications back to the previous version if the error rate was 
> almost zero before and spikes as soon as instances in the new version come 
> onboard.
>
> I have filed this issue 
> <https://code.google.com/p/googleappengine/issues/detail?id=12355> in the 
> public tracker. I highly encourage others to star it and add your ideas 
> before you find yourselves in my or Julian’s shoes.
>
> Best 
>
>
> On Sep 17, 2015, at 12:34 PM, Julian Bunn <jjb...@gmail.com > 
> wrote:
>
> We noticed on Sep 15 and 16 (a couple of days ago) that some of our GAE 
> instances were running version 1.9.27 of the SDK, rather than the released 
> version 1.9.26.
>
> (We coincidentally had several serious issues with our application.)
>
> Could someone please advise on how this can happen, and what we can do to 
> prevent it happening in the future (i.e. force instances to only run the 
> latest production release of the SDK)? Is there an application setting 
> somewhere?
>
> I apologize if this is the wrong Group for such questions.
>
> Many thanks!
> Julian
>
> -- 
> You received this message because you are subscribed to the Google Groups 
> "Google App Engine" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to google-appengi...@googlegroups.com .
> To post to this group, send email to google-a...@googlegroups.com 
> .
> Visit this group at http://groups.google.com/group/google-appengine.
> To view this discussion on the web visit 
> https://groups.google.com/d/msgid/google-appengine/4ac6bcf5-9a32-40fe-ac5a-0886e4eceeb9%40googlegroups.com
>  
> <https://groups.google.com/d/msgid/google-appengine/4ac6bcf5-9a32-40fe-ac5a-0886e4eceeb9%40googlegroups.com?utm_medium=email_source=footer>
> .
> For more options, visit https://groups.google.com/d/optout.
>
>
>
> PK
> p...@gae123.com 
>
>
>
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Google App Engine" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to google-appengine+unsubscr...@googlegroups.com.
To post to this group, send email to google-appengine@googlegroups.com.
Visit this group at http://groups.google.com/group/google-appengine.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/google-appengine/47f9d861-41de-487d-bc29-355dfd70c253%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [google-appengine] Re: Problem authenticating to GAE app using GoogleCredential OAuth2

[Julian Bunn]

Issue 12272:
https://code.google.com/p/googleappengine/issues/detail?id=12272

Let me know if it needs any elaboration.

Thanks again,
Julian

On Tue, Aug 18, 2015 at 4:30 PM, Nick (Cloud Platform Support) 
pay...@google.com wrote:

 Hi Julian,

 So, after some extensive testing and reading around online, it appears
 that this is no longer possible, and I encourage you to make a public
 issue tracker feature request
 http://code.google.com/p/google-appengine/issues/list explaining in
 simple terms, minus the code, your desired use-case, of making HTTP calls
 to your app on routes protected by login: admin.

 From what I can see from looking around online, the old method which used
 a certain ClientLogin endpoint to get the token passed to the server as the
 ACSID cookie is no longer active. The closest thing to signing-in with a
 service account that I could find was service account Apps domain user
 impersonation in the Server to Server OAuth2
 https://developers.google.com/identity/protocols/OAuth2ServiceAccount
 docs. After extensive testing, implementing code which built the
 credential, built an HttpTransport for it, it was not possible to get the
 app to recognize the calling java code as a login: admin user, even when
 impersonating a user which has admin status (standalone java code compiled
 with classpath by hand).

 So, feel free to post the public issue tracker feature request link in
 this thread once you've made it, and I'll be following it and helping to
 get it processed.

 Best wishes,

 Nick


 On Friday, August 14, 2015 at 5:44:08 PM UTC-4, Julian Bunn wrote:

 Hi Nick,

 Yes ... here are the relevant details (extracted from my updated question
 on stack overflow). First the secure URL specs:

 !-- Secure sensitive URLs --
 security-constraint
 web-resource-collection
 url-pattern/gcm/home/url-pattern
 url-pattern/gcm/send/url-pattern
 /web-resource-collection
 auth-constraint
 role-nameadmin/role-name
 /auth-constraint
 /security-constraint

 Previously, in the client application, I was using ClientLogin to
 authenticate with Google before calling the endpoint. This is the code I
 was using, that extracts the Auth token which it then uses as a Cookie on
 HTTP GET to the above endpoints.

 public static String loginToGoogle(String userid, String password,
 String appUrl) throws Exception {
 HttpClient client = new DefaultHttpClient();
 HttpPost post = new HttpPost(
 https://www.google.com/accounts/ClientLogin;);

 MultipartEntity reqEntity = new MultipartEntity();
 reqEntity.addPart(accountType, new StringBody(HOSTED_OR_GOOGLE,
 text/plain, Charset.forName(UTF-8)));
 reqEntity.addPart(Email, new StringBody(userid));
 reqEntity.addPart(Passwd, new StringBody(password));
 reqEntity.addPart(service, new StringBody(ah));
 reqEntity.addPart(source, new StringBody(myappname));
 post.setEntity(reqEntity);
 HttpResponse response = client.execute(post);
 if (response.getStatusLine().getStatusCode() == 200) {
 InputStream input = response.getEntity().getContent();
 String result = IOUtils.toString(input);
 String authToken = getAuthToken(result);
 post = new HttpPost(appUrl + /_ah/login?auth= + authToken);
 response = client.execute(post);
 Header[] cookies = response.getHeaders(SET-COOKIE);
 for (Header cookie : cookies) {
 if (cookie.getValue().startsWith(ACSID=)) {
 return cookie.getValue();
 }
 }
 throw new Exception(ACSID cookie cannot be found);
 } else
 throw new Exception(Error obtaining ACSID);
 }

 private static String getAuthToken(String responseText) throws Exception {
 LineNumberReader reader = new LineNumberReader(new StringReader(
 responseText));
 String line = reader.readLine();
 while (line != null) {
 line = line.trim();
 if (line.startsWith(Auth=)) {
 return line.substring(5);
 }
 line = reader.readLine();
 }
 throw new Exception(Could not find Auth token);
 }


 ​Calling the gcm endpoint:

 HttpGet get = new HttpGet(httpURL);

 get.setHeader(Cookie, authCookie);


 HttpResponse response = client.execute(get);
 response.getEntity().writeTo(System.out);
 ​
 ​where authCookie is the token obtained from loginToGoogle above.

 Thanks so much for helping with this!

 Julian​

 On Fri, Aug 14, 2015 at 2:03 PM, Nick (Cloud Platform Support) 
 pay...@google.com wrote:

 A quick question, is it possible you could provide the skeleton code for
 your client project? It appears to be a standalone java program, rather
 than a web app, yes?


 On Wednesday, August 12, 2015 at 5:00:53 PM UTC-4, Julian Bunn wrote:

 Hi Nick,

 Thanks for much for persisting with your help!

 Yes. your understanding is correct: I'd like to use a service account
 to login so that I can make

Re: [google-appengine] Re: Problem authenticating to GAE app using GoogleCredential OAuth2

[Julian Bunn]

Hi Nick,

Thanks very much for investigating this so thoroughly and following up. I
will complete a feature request, as you suggest, probably sometime tomorrow.

It's reassuring that you too were unable to make it work - I'd tried so
many different things myself, I was beginning to doubt my competence :-)

Julian

On Tue, Aug 18, 2015 at 4:30 PM, Nick (Cloud Platform Support) 
pay...@google.com wrote:

 Hi Julian,

 So, after some extensive testing and reading around online, it appears
 that this is no longer possible, and I encourage you to make a public
 issue tracker feature request
 http://code.google.com/p/google-appengine/issues/list explaining in
 simple terms, minus the code, your desired use-case, of making HTTP calls
 to your app on routes protected by login: admin.

 From what I can see from looking around online, the old method which used
 a certain ClientLogin endpoint to get the token passed to the server as the
 ACSID cookie is no longer active. The closest thing to signing-in with a
 service account that I could find was service account Apps domain user
 impersonation in the Server to Server OAuth2
 https://developers.google.com/identity/protocols/OAuth2ServiceAccount
 docs. After extensive testing, implementing code which built the
 credential, built an HttpTransport for it, it was not possible to get the
 app to recognize the calling java code as a login: admin user, even when
 impersonating a user which has admin status (standalone java code compiled
 with classpath by hand).

 So, feel free to post the public issue tracker feature request link in
 this thread once you've made it, and I'll be following it and helping to
 get it processed.

 Best wishes,

 Nick


 On Friday, August 14, 2015 at 5:44:08 PM UTC-4, Julian Bunn wrote:

 Hi Nick,

 Yes ... here are the relevant details (extracted from my updated question
 on stack overflow). First the secure URL specs:

 !-- Secure sensitive URLs --
 security-constraint
 web-resource-collection
 url-pattern/gcm/home/url-pattern
 url-pattern/gcm/send/url-pattern
 /web-resource-collection
 auth-constraint
 role-nameadmin/role-name
 /auth-constraint
 /security-constraint

 Previously, in the client application, I was using ClientLogin to
 authenticate with Google before calling the endpoint. This is the code I
 was using, that extracts the Auth token which it then uses as a Cookie on
 HTTP GET to the above endpoints.

 public static String loginToGoogle(String userid, String password,
 String appUrl) throws Exception {
 HttpClient client = new DefaultHttpClient();
 HttpPost post = new HttpPost(
 https://www.google.com/accounts/ClientLogin;);

 MultipartEntity reqEntity = new MultipartEntity();
 reqEntity.addPart(accountType, new StringBody(HOSTED_OR_GOOGLE,
 text/plain, Charset.forName(UTF-8)));
 reqEntity.addPart(Email, new StringBody(userid));
 reqEntity.addPart(Passwd, new StringBody(password));
 reqEntity.addPart(service, new StringBody(ah));
 reqEntity.addPart(source, new StringBody(myappname));
 post.setEntity(reqEntity);
 HttpResponse response = client.execute(post);
 if (response.getStatusLine().getStatusCode() == 200) {
 InputStream input = response.getEntity().getContent();
 String result = IOUtils.toString(input);
 String authToken = getAuthToken(result);
 post = new HttpPost(appUrl + /_ah/login?auth= + authToken);
 response = client.execute(post);
 Header[] cookies = response.getHeaders(SET-COOKIE);
 for (Header cookie : cookies) {
 if (cookie.getValue().startsWith(ACSID=)) {
 return cookie.getValue();
 }
 }
 throw new Exception(ACSID cookie cannot be found);
 } else
 throw new Exception(Error obtaining ACSID);
 }

 private static String getAuthToken(String responseText) throws Exception {
 LineNumberReader reader = new LineNumberReader(new StringReader(
 responseText));
 String line = reader.readLine();
 while (line != null) {
 line = line.trim();
 if (line.startsWith(Auth=)) {
 return line.substring(5);
 }
 line = reader.readLine();
 }
 throw new Exception(Could not find Auth token);
 }


 ​Calling the gcm endpoint:

 HttpGet get = new HttpGet(httpURL);

 get.setHeader(Cookie, authCookie);


 HttpResponse response = client.execute(get);
 response.getEntity().writeTo(System.out);
 ​
 ​where authCookie is the token obtained from loginToGoogle above.

 Thanks so much for helping with this!

 Julian​

 On Fri, Aug 14, 2015 at 2:03 PM, Nick (Cloud Platform Support) 
 pay...@google.com wrote:

 A quick question, is it possible you could provide the skeleton code for
 your client project? It appears to be a standalone java program, rather
 than a web app, yes?


 On Wednesday, August 12, 2015 at 5:00:53 PM UTC-4, Julian Bunn

Re: [google-appengine] Re: Problem authenticating to GAE app using GoogleCredential OAuth2

[Julian Bunn]

Hi Nick,

Yes ... here are the relevant details (extracted from my updated question
on stack overflow). First the secure URL specs:

!-- Secure sensitive URLs --
security-constraint
web-resource-collection
url-pattern/gcm/home/url-pattern
url-pattern/gcm/send/url-pattern
/web-resource-collection
auth-constraint
role-nameadmin/role-name
/auth-constraint
/security-constraint

Previously, in the client application, I was using ClientLogin to
authenticate with Google before calling the endpoint. This is the code I
was using, that extracts the Auth token which it then uses as a Cookie on
HTTP GET to the above endpoints.

public static String loginToGoogle(String userid, String password,
String appUrl) throws Exception {
HttpClient client = new DefaultHttpClient();
HttpPost post = new HttpPost(
https://www.google.com/accounts/ClientLogin;);

MultipartEntity reqEntity = new MultipartEntity();
reqEntity.addPart(accountType, new StringBody(HOSTED_OR_GOOGLE,
text/plain, Charset.forName(UTF-8)));
reqEntity.addPart(Email, new StringBody(userid));
reqEntity.addPart(Passwd, new StringBody(password));
reqEntity.addPart(service, new StringBody(ah));
reqEntity.addPart(source, new StringBody(myappname));
post.setEntity(reqEntity);
HttpResponse response = client.execute(post);
if (response.getStatusLine().getStatusCode() == 200) {
InputStream input = response.getEntity().getContent();
String result = IOUtils.toString(input);
String authToken = getAuthToken(result);
post = new HttpPost(appUrl + /_ah/login?auth= + authToken);
response = client.execute(post);
Header[] cookies = response.getHeaders(SET-COOKIE);
for (Header cookie : cookies) {
if (cookie.getValue().startsWith(ACSID=)) {
return cookie.getValue();
}
}
throw new Exception(ACSID cookie cannot be found);
} else
throw new Exception(Error obtaining ACSID);
}

private static String getAuthToken(String responseText) throws
Exception {
LineNumberReader reader = new LineNumberReader(new StringReader(
responseText));
String line = reader.readLine();
while (line != null) {
line = line.trim();
if (line.startsWith(Auth=)) {
return line.substring(5);
}
line = reader.readLine();
}
throw new Exception(Could not find Auth token);
}


​Calling the gcm endpoint:

HttpGet get = new HttpGet(httpURL);

get.setHeader(Cookie, authCookie);


HttpResponse response = client.execute(get);
response.getEntity().writeTo(System.out);
​
​where authCookie is the token obtained from loginToGoogle above.

Thanks so much for helping with this!

Julian​

On Fri, Aug 14, 2015 at 2:03 PM, Nick (Cloud Platform Support) 
pay...@google.com wrote:

 A quick question, is it possible you could provide the skeleton code for
 your client project? It appears to be a standalone java program, rather
 than a web app, yes?


 On Wednesday, August 12, 2015 at 5:00:53 PM UTC-4, Julian Bunn wrote:

 Hi Nick,

 Thanks for much for persisting with your help!

 Yes. your understanding is correct: I'd like to use a service account to
 login so that I can make requests to an admin route of my app.

 Under Credentials in the new Google Developers Console, I see the
 Service Account listed in the OAuth section, with its ID, email address and
 certificate fingerprints.

 Under Permissions in the Console, I have my own account and a
 maintenance account listed as Owners. On the same page, under Service
 Accounts I have three listed, all having Edit permission. One of these is
 the same account listed in Credentials. (The other two are @cloudservices
 and @developer.gservice accounts - I don't know where they came from, as I
 don't recall creating them).

 On the old version of the Developers Console, I can see that the
 Authentication Type is set to Google Accounts API. On there I can also see
 the Service Account Name but it is different from the Service Account
 listed under Credentials (above) - which is confusing me.

 The web xml for the deployment includes:

 !-- Secure sensitive URLs --
 security-constraint
 web-resource-collection
 url-pattern/gcm/home/url-pattern
 url-pattern/gcm/send/url-pattern
 /web-resource-collection
 auth-constraint
 role-nameadmin/role-name
 /auth-constraint
 /security-constraint

 These are the two endpoints I need to call from the client.

 Thanks again!
 Julian



 On Wednesday, August 12, 2015 at 1:28:20 PM UTC-7, Nick (Cloud Platform
 Support) wrote:

 Hi Julian,

 OAuth2 is a complex topic and has many methods of application, being
 just an authentication/authorization protocol, and having many possible
 uses / forms of appearance (client-server, server-server, 3-legged, etc.)

 From your comments, I can now understand you're using login: admin on a
 route of your app

Re: [google-appengine] Re: Problem authenticating to GAE app using GoogleCredential OAuth2

[Julian Bunn]

Hi Nick,

Thanks for much for persisting with your help!

Yes. your understanding is correct: I'd like to use a service account to 
login so that I can make requests to an admin route of my app.

Under Credentials in the new Google Developers Console, I see the Service 
Account listed in the OAuth section, with its ID, email address and 
certificate fingerprints.

Under Permissions in the Console, I have my own account and a maintenance 
account listed as Owners. On the same page, under Service Accounts I have 
three listed, all having Edit permission. One of these is the same account 
listed in Credentials. (The other two are @cloudservices and 
@developer.gservice accounts - I don't know where they came from, as I 
don't recall creating them).

On the old version of the Developers Console, I can see that the 
Authentication Type is set to Google Accounts API. On there I can also see 
the Service Account Name but it is different from the Service Account 
listed under Credentials (above) - which is confusing me.

The web xml for the deployment includes:

!-- Secure sensitive URLs --
security-constraint
web-resource-collection
url-pattern/gcm/home/url-pattern
url-pattern/gcm/send/url-pattern
/web-resource-collection
auth-constraint
role-nameadmin/role-name
/auth-constraint
/security-constraint

These are the two endpoints I need to call from the client.

Thanks again!
Julian



On Wednesday, August 12, 2015 at 1:28:20 PM UTC-7, Nick (Cloud Platform 
Support) wrote:

 Hi Julian,

 OAuth2 is a complex topic and has many methods of application, being just 
 an authentication/authorization protocol, and having many possible uses / 
 forms of appearance (client-server, server-server, 3-legged, etc.)

 From your comments, I can now understand you're using login: admin on a 
 route of your app, and you'd like to know how to make requests to a route 
 on your app protected in such a manner, using a service account to login. 
 Is that accurate?

 Could you let me know whether the service account is added as an admin of 
 your application in the Developers Console under Credentials and whether 
 your app's authentication method is set to Google Accounts?

 On Monday, August 10, 2015 at 8:10:35 PM UTC-4, Julian Bunn wrote:

 Hi Nick,

 Thanks ... 

 GAE is doing the authentication. My GAE app has endpoints (i.e. urls like 
 my.appspot.com/gcm/home) that can only be executed by an admin who is 
 logged in. There is nothing special I have implemented to support this, I 
 am just using Google's GAE infrastructure.

 So, in the past, all I needed to do from a client application was to call 
 ClientLogin with a user/pass pair, which would return me a token which 
 could then be sent as a Cookie in calls to the GAE endpoints.

 This worked very well! 

 Now that ClientLogin has been disabled, I am looking for an alternative 
 to it. I apparently need to use OAuth2, but there is no documentation that 
 seems to match my use case, unhappily. Use cases seem to assume the use of 
 various Google APIs, which I am not using.

 Thanks anyway.

 Julian



 On Mon, Aug 10, 2015 at 4:13 PM, Nick (Cloud Platform Support) 
 pay...@google.com javascript: wrote:

 Hi Julian,

 The example code given there might be dealing with the Drive API, but 
 APIs in this context are quite abstract, and you can easily substitute any 
 Google API. 

 Reading back over your question, I'm not sure you've supplied enough 
 information for anybody to help answer. What exactly is doing the 
 authenticating? Is your endpoint a Cloud Endpoints 
 https://cloud.google.com/appengine/docs/java/endpoints/ endpoint? 
 It's not really clear to me what is doing the authentication at your 
 endpoint. Do you just mean that you've deployed with login: admin?

 At any rate, this forum, as mentioned, isn't meant for 1-on-1 technical 
 support, so I don't think you should continue to follow-up in this thread, 
 and should either improve the stackoverflow question to clarify exactly 
 what you're expecting to happen in technical language and specifics, or 
 else post a new question which does include that information. That will 
 enable people to help you better.

 Best wishes,

 Nick



 On Saturday, August 8, 2015 at 1:51:24 PM UTC-4, Julian Bunn wrote:

 Hi Jason,

 Yes: 
 http://stackoverflow.com/questions/31816007/authentication-with-google-app-engine-service-using-googlecredential-with-a-serv

 The suggestion there involves the Google Drive API, which is not really 
 helping me, as my GAE application does not use that API.

 Julian

 On Saturday, August 8, 2015 at 9:38:00 AM UTC-7, Jason Collins wrote:

 Julian, can you post your link to your SO question?


 On Thursday, 6 August 2015 12:20:28 UTC-7, Julian Bunn wrote:

 Hi Nick,

 Many thanks - I had already posted on stackoverflow with no luck, so 
 came here :-) I do have one reply now over there, which suggests using 
 client secrets, so that is a good lead. Also your comments on the use of 
 service account

Re: [google-appengine] Re: Problem authenticating to GAE app using GoogleCredential OAuth2

[Julian Bunn]

Hi Nick,

Thanks ...

GAE is doing the authentication. My GAE app has endpoints (i.e. urls like
my.appspot.com/gcm/home) that can only be executed by an admin who is
logged in. There is nothing special I have implemented to support this, I
am just using Google's GAE infrastructure.

So, in the past, all I needed to do from a client application was to call
ClientLogin with a user/pass pair, which would return me a token which
could then be sent as a Cookie in calls to the GAE endpoints.

This worked very well!

Now that ClientLogin has been disabled, I am looking for an alternative to
it. I apparently need to use OAuth2, but there is no documentation that
seems to match my use case, unhappily. Use cases seem to assume the use of
various Google APIs, which I am not using.

Thanks anyway.

Julian



On Mon, Aug 10, 2015 at 4:13 PM, Nick (Cloud Platform Support) 
pay...@google.com wrote:

 Hi Julian,

 The example code given there might be dealing with the Drive API, but APIs
 in this context are quite abstract, and you can easily substitute any
 Google API.

 Reading back over your question, I'm not sure you've supplied enough
 information for anybody to help answer. What exactly is doing the
 authenticating? Is your endpoint a Cloud Endpoints
 https://cloud.google.com/appengine/docs/java/endpoints/ endpoint? It's
 not really clear to me what is doing the authentication at your endpoint.
 Do you just mean that you've deployed with login: admin?

 At any rate, this forum, as mentioned, isn't meant for 1-on-1 technical
 support, so I don't think you should continue to follow-up in this thread,
 and should either improve the stackoverflow question to clarify exactly
 what you're expecting to happen in technical language and specifics, or
 else post a new question which does include that information. That will
 enable people to help you better.

 Best wishes,

 Nick



 On Saturday, August 8, 2015 at 1:51:24 PM UTC-4, Julian Bunn wrote:

 Hi Jason,

 Yes:
 http://stackoverflow.com/questions/31816007/authentication-with-google-app-engine-service-using-googlecredential-with-a-serv

 The suggestion there involves the Google Drive API, which is not really
 helping me, as my GAE application does not use that API.

 Julian

 On Saturday, August 8, 2015 at 9:38:00 AM UTC-7, Jason Collins wrote:

 Julian, can you post your link to your SO question?


 On Thursday, 6 August 2015 12:20:28 UTC-7, Julian Bunn wrote:

 Hi Nick,

 Many thanks - I had already posted on stackoverflow with no luck, so
 came here :-) I do have one reply now over there, which suggests using
 client secrets, so that is a good lead. Also your comments on the use of
 service account are well taken - it looks like that may be inappropriate.

 Thanks for the pointers to the documentation, which I'd already visited
 and read but ended up being confused - as is no doubt evident from my
 question :-)

 Julian

 On Wednesday, August 5, 2015 at 4:57:26 PM UTC-7, Nick (Cloud Platform
 Support) wrote:

 Hi Julian,

 You've produced an excellent post which would belong on
 stackoverflow.com. Google Groups isn't the place to post specific
 technical issues, as this forum is meant more for general discussion of 
 the
 platform and services.

 I'll give you the advice before you post there that it seems you've
 combined examples from different kinds of OAuth flow and this might be the
 cause of your issues. I see that there's a variable emailScope - this is
 a scope which a user would actually grant to your application, not one
 which a service account could grant.

 The service account and its credentials are used to call APIs on
 behalf of your application, although I don't think I've seen this pattern
 before, where you want to call an endpoint on your own app using a service
 account. As far as I know, service accounts have only been used to
 authenticate with Google APIs, although I suppose it might be possible to
 write an endpoint which correctly authenticates it.

 You could do some more reading on OAuth2
 https://developers.google.com/identity/protocols/OAuth2, OpenID
 Connect
 https://developers.google.com/identity/protocols/OpenIDConnect?hl=en,
 Service Accounts
 https://developers.google.com/identity/protocols/OAuth2ServiceAccount,
 and the Google Identity Platform
 https://developers.google.com/identity/, and try to repost your
 question to stackoverflow.com. That would be the best action as there
 are many more users there ready to help with a technical question.

 If you would like to open a thread in this forum discussing the
 platform or services in more broad terms, starting a discussion that would
 be useful for other users to join in to, feel free to do so.

 Have a great day!

 [1] http://www.stackoverflow.com/
 [2] http://www.serverfault.com/
 [3] http://code.google.com/p/google-appengine/issues/list

 On Wednesday, August 5, 2015 at 1:32:41 AM UTC-4, Julian Bunn wrote:

 I have a GAE application with an endpoint that requires

[google-appengine] Re: Problem authenticating to GAE app using GoogleCredential OAuth2

[Julian Bunn]

Hi Nick,

Many thanks - I had already posted on stackoverflow with no luck, so came 
here :-) I do have one reply now over there, which suggests using client 
secrets, so that is a good lead. Also your comments on the use of service 
account are well taken - it looks like that may be inappropriate.

Thanks for the pointers to the documentation, which I'd already visited and 
read but ended up being confused - as is no doubt evident from my question 
:-)

Julian

On Wednesday, August 5, 2015 at 4:57:26 PM UTC-7, Nick (Cloud Platform 
Support) wrote:

 Hi Julian,

 You've produced an excellent post which would belong on stackoverflow.com. 
 Google Groups isn't the place to post specific technical issues, as this 
 forum is meant more for general discussion of the platform and services. 

 I'll give you the advice before you post there that it seems you've 
 combined examples from different kinds of OAuth flow and this might be the 
 cause of your issues. I see that there's a variable emailScope - this is 
 a scope which a user would actually grant to your application, not one 
 which a service account could grant. 

 The service account and its credentials are used to call APIs on behalf of 
 your application, although I don't think I've seen this pattern before, 
 where you want to call an endpoint on your own app using a service account. 
 As far as I know, service accounts have only been used to authenticate with 
 Google APIs, although I suppose it might be possible to write an endpoint 
 which correctly authenticates it.

 You could do some more reading on OAuth2 
 https://developers.google.com/identity/protocols/OAuth2, OpenID Connect 
 https://developers.google.com/identity/protocols/OpenIDConnect?hl=en, 
 Service 
 Accounts 
 https://developers.google.com/identity/protocols/OAuth2ServiceAccount, 
 and the Google Identity Platform https://developers.google.com/identity/, 
 and try to repost your question to stackoverflow.com. That would be the 
 best action as there are many more users there ready to help with a 
 technical question.

 If you would like to open a thread in this forum discussing the platform 
 or services in more broad terms, starting a discussion that would be useful 
 for other users to join in to, feel free to do so.

 Have a great day!

 [1] http://www.stackoverflow.com/
 [2] http://www.serverfault.com/
 [3] http://code.google.com/p/google-appengine/issues/list

 On Wednesday, August 5, 2015 at 1:32:41 AM UTC-4, Julian Bunn wrote:

 I have a GAE application with an endpoint that requires authentication, 
 which I need to call from an application (rather than from in a browser). I 
 was using ClientLogin, but that is now obsolete, so I have set up a Service 
 Account in the Google Console, and stored its keypair .p12 file so that I 
 can use the OAuth methods as described in the documentation.

 Although the GoogleCredential builder successfully returns an 
 authorization token, if I then use that token in an HTTP get call to the 
 endpoint, the response is always the Google Login page.

 Why, if I use the token, does GAE not take my application call as 
 authorized? Am I doing this all wrong or missing a step? 

 Here is the code:

 String emailAddress = ...@developer.gserviceaccount.com 
 javascript:;
 JsonFactory JSON_FACTORY = JacksonFactory.getDefaultInstance();
 String emailScope = https://www.googleapis.com/auth/userinfo.email;;
 String keyFileName = Y.p12;
 String baseURL = http://Z.appspot.com;;
 HttpTransport httpTransport;
 try {
 httpTransport = GoogleNetHttpTransport.newTrustedTransport();

 File keyFile = new File(keyFileName);
 if(!keyFile.exists()) {
 System.err.println(Key file +keyFileName+ missing);
 System.exit(0);
 }

 GoogleCredential credential = new GoogleCredential.Builder()
 .setTransport(httpTransport)
 .setJsonFactory(JSON_FACTORY)
 .setServiceAccountId(emailAddress)
 .setServiceAccountScopes(Collections.singleton(emailScope))
 .setServiceAccountPrivateKeyFromP12File(keyFile)
 .build();

 boolean success = credential.refreshToken();
 System.out.println(Access token refresh + success);

 String token = credential.getAccessToken();

 System.out.println(Token +token);

 String uri = http://Z.appspot.com/gcm/home;;

 System.out.println(uri:  + uri);

 HttpGet get = new HttpGet(uri);
 get.setHeader(Cookie, token);

 HttpClient client = new DefaultHttpClient();
 HttpResponse response = client.execute(get);
 response.getEntity().writeTo(System.out);

 Typical output:

Access token refresh true
Token ya29.xQGG1kxxx
uri: http://Z.appspot.com/gcm/home

!DOCTYPE html
html lang=en
   head
   meta charset=utf-8
   meta content=width=300, initial-scale=1 name=viewport

[google-appengine] Problem authenticating to GAE app using GoogleCredential OAuth2

[Julian Bunn]

I have a GAE application with an endpoint that requires authentication, 
which I need to call from an application (rather than from in a browser). I 
was using ClientLogin, but that is now obsolete, so I have set up a Service 
Account in the Google Console, and stored its keypair .p12 file so that I 
can use the OAuth methods as described in the documentation.

Although the GoogleCredential builder successfully returns an authorization 
token, if I then use that token in an HTTP get call to the endpoint, the 
response is always the Google Login page.

Why, if I use the token, does GAE not take my application call as 
authorized? Am I doing this all wrong or missing a step? 

Here is the code:

String emailAddress = x...@developer.gserviceaccount.com;
JsonFactory JSON_FACTORY = JacksonFactory.getDefaultInstance();
String emailScope = https://www.googleapis.com/auth/userinfo.email;;
String keyFileName = Y.p12;
String baseURL = http://Z.appspot.com;;
HttpTransport httpTransport;
try {
httpTransport = GoogleNetHttpTransport.newTrustedTransport();

File keyFile = new File(keyFileName);
if(!keyFile.exists()) {
System.err.println(Key file +keyFileName+ missing);
System.exit(0);
}

GoogleCredential credential = new GoogleCredential.Builder()
.setTransport(httpTransport)
.setJsonFactory(JSON_FACTORY)
.setServiceAccountId(emailAddress)
.setServiceAccountScopes(Collections.singleton(emailScope))
.setServiceAccountPrivateKeyFromP12File(keyFile)
.build();

boolean success = credential.refreshToken();
System.out.println(Access token refresh + success);

String token = credential.getAccessToken();

System.out.println(Token +token);

String uri = http://Z.appspot.com/gcm/home;;

System.out.println(uri:  + uri);

HttpGet get = new HttpGet(uri);
get.setHeader(Cookie, token);

HttpClient client = new DefaultHttpClient();
HttpResponse response = client.execute(get);
response.getEntity().writeTo(System.out);

Typical output:

   Access token refresh true
   Token ya29.xQGG1kxxx
   uri: http://Z.appspot.com/gcm/home

   !DOCTYPE html
   html lang=en
  head
  meta charset=utf-8
  meta content=width=300, initial-scale=1 name=viewport
  meta name=google-site-verification 
content=LrdTUW9psUAMbh4Ia074-BPEVmcpBxF6Gwf0MSgQXZs
  titleSign in - Google Accounts/title
  .

-- 
You received this message because you are subscribed to the Google Groups 
Google App Engine group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to google-appengine+unsubscr...@googlegroups.com.
To post to this group, send email to google-appengine@googlegroups.com.
Visit this group at http://groups.google.com/group/google-appengine.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/google-appengine/547a76b0-45b3-4c74-995a-b4c98d97160d%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.