Databases
StackOverflow2013
Postsdbo
POSecure remote_api in app engine with OpenID
Body
 

Note that there are some explanatory texts on larger screens.

plurals
  1. POSecure remote_api in app engine with OpenID
    text
    copied!<p>I previously asked a <a href="https://stackoverflow.com/questions/2981226/app-engine-remote-api-with-openid">question</a> about using app engine's remote_api with openID, and the answer worked well, both securely and insecurely. At some point soon after, however, something in app engine changed, and the solution no longer worked securely - i.e. the following</p> <pre><code>remote_api_stub.ConfigureRemoteDatastore(app_id=app_id, path='/remote_api', auth_func=auth_func, servername=host, secure=True) </code></pre> <p>stopped working (always returning 302), and I needed to remove the secure argument to get it to work.</p> <p>The <a href="http://groups.google.com/group/google-appengine/browse_thread/thread/6a481b951118b4f2/e4b290f4811fb125#e4b290f4811fb125" rel="nofollow noreferrer">release of the 1.3.5 SDK</a> promised 'Remote API commands can be sent over HTTPS or HTTP', which confused me, as I was under the impression that providing the 'secure=True' argument had been giving me this already, based on <a href="http://groups.google.com/group/google-appengine/browse_thread/thread/cec8a895d08335b4/9f474dc0848a4ca8?q=#9f474dc0848a4ca8" rel="nofollow noreferrer">this discussion</a>.</p> <p>My suspicion is that it was the release of this feature that caused the 'secure' argument to stop working. So the first part of my question - was I actually running remote_api commands securely by using the 'secure=True' argument, prior to the release of 1.3.5?</p> <p>Once the cookie hack stopped working securely, I tried out Nick Johnson's solution listed in the same question, but with this also, I could not supply 'secure=True', getting the same 302 response.</p> <p>What do I need to do to run remote_api securely with openID? Does 1.3.5 include new capabilities around this, and how do I use them? Cheers,</p> <p>Colin</p>
 

Querying!

 
Guidance
An individual column

Larger individual text columns get their own page to allow for proper reading.

SQuiL has stopped working due to an internal error.

If you are curious you may find further information in the browser console, which is accessible through the devtools (F12).

Reload