3

Using app engine's User service, when a user is first prompted to sign-in to our site using their Google account, they are shown a UI (by google) that allows them to choose which of their Google accounts to use. That Google account is then associated with our app and they remain 'signed in' to our site until that expires.

Is there a way for us to allow our users (after signing in) to change which of their Google account they use for our site, without first logging them out of all google properties (gmail, etc)?

Having read the docs it seems there is not, but perhaps someone knows a reliable hack, e.g. removing certain cookies?

tom
  • 2,189
  • 2
  • 15
  • 27
  • Why not to redirect him on sign-in url again? – Dmytro Sadovnychyi Jan 05 '15 at 11:16
  • 1
    AFAICT, a signin url created by `create_login_url` when visited by a signed in user (as is my case) will redirect the user to the specified `dest_url` w/o displaying a UI where they can select a different account. Interestingly, urls generated by `create_login_url` have a `passive=true` parameter, which when changed to `passive=false` mean that a UI (where a different account can be selected) is shown even for signed in users. But I dont know how robust this hack is.. – tom Jan 05 '15 at 14:09
  • Use `urlparse` to change this param, I don't think that you will find a better option to do it. – Dmytro Sadovnychyi Jan 05 '15 at 14:11
  • 1
    thanks, changing the the url param is easy. but the issue is whether that works reliably, and whether it has side effects. do you have experience of changing that parameter. i cant find info about anyone else trying it.. – tom Jan 05 '15 at 14:43
  • Alas, it's been a long-open issue, see e.g https://code.google.com/p/googleappengine/issues/detail?id=5602 ; I've experimented with the various tricks recommended in the course of that long thread, and elsewhere too such as at https://p.ota.to/blog/2014/2/google-multiple-sign-in-on-app-engine/ , but none seems to work reliably for me -- and of course even if some one trick did work now, it could break anytime if undocumented internals change:-(. – Alex Martelli Jan 07 '15 at 18:13
  • Thanks @AlexMartelli. I read the issue thread and added my comment. Do you have any thoughts on the `passive=false` idea? It sounded like in 2011 the ACSID solution was proposed by the Google staff. Do you know whether it's still 'sanctioned' ? – tom Jan 08 '15 at 19:54
  • @tom, as I mentioned I tried all the various workarounds, and none seems to work reliably for me. – Alex Martelli Jan 08 '15 at 22:11

0 Answers0