
I am using the Google Identity Toolkit on app engine.

Everything works fine when testing on localhost.

But when I deploy on app engine, the gtoken cookie is not sent to the server. It is not present in the headers request as shown in the first screenshot. (left part is localhost, gtoken is set properly, right part is on app engine, no gtoken present).

I am using the 1.1.0-beta version of the google identity toolkit. The sign-in functionality works fine both on localhost and on app-engine. What fails is when I call one of my api endpoints (gtoken not present in headers when deployed, but works locally).

The problem is happening whether I use Chrome or Firefox, no ad-block etc. The second screenshot shows that the cookie is present (localhost and app engine). It is just not sent in the headers, so I cannot validate the token on the server side.

What could be causing the gtoken cookie not to be set properly when I deploy on app engine?

To me, that sounds like a CORS issue, I am not sure how to tweak the gapi client headers to make sure it sends the gtoken cookie properly... (https://cloud.google.com/appengine/docs/java/endpoints/consume_js)

Request headers. Left is localhost, Right is on App Engine

Cookie on localhost (left) and app engine (right)

Julien
  • Are you using a custom domain? Respectively, are you performing a cross domain request with javascript? If so: try setting withCredentials flag to true as shown in various questions like this one: http://stackoverflow.com/questions/17114081/ – konqi Oct 05 '15 at 14:42
  • I am using the default app-engine `*.appspot.com` address, e.g. `https://my-application.appspot.com`, no custom domain. – Julien Oct 05 '15 at 15:14
  • afaik appengine removes custom headers from incoming requests – Zig Mandel Oct 05 '15 at 16:32
  • this https://cloud.google.com/appengine/docs/java/requests#Java_Request_headers – Zig Mandel Oct 05 '15 at 16:33
  • Zig, Thanks for your link. App engine does some sanitizing etc, but here the gtoken cookie is not even present in the request sent to the google cloud endpoint, which is my problem. the cookie is sent just fine when deploying locally though, as shown in the screenshots.. – Julien Oct 05 '15 at 19:45

0 Answers