Quick background

We recently launched Onslaught! Arena in the Chrome Webstore. We're using App Engine (Python) as our backend and we are integrated with Google Checkout's Webstore Licensing API.

So first off, we messed up: right when we launched, there was a bug in our app that was causing the game demo to serve even to users who had successfully paid for the game. Firstly we'd like to apologize to those users who were affected. We're happy to say that this bug got fixed the night of release.

The troubles we were (and are) having

• When we first launched, the Licensing API calls were failing. We fixed this, which caused the next two issues:
• Some users are getting served error pages instead of the game itself.
• Our app is asking for access to users' email addresses, which understandably makes them uncomfortable. (This is particularly frustrating to us because we neither need or want email addresses.)

Licensing API calls failing

So on the night of the day we launched, we noticed that users who had purchased the game were still getting served the demo. That's awful! Nobody spotted it because we obviously had access to the game ourselves, and we were also allowing Google internal beta testers access (so they couldn't have found this bug either). We put the fire out quickly (by about 1am PST) and it looks like only 2-3 users even noticed, which is good. Our apologies to any users who were affected.

Here's why it was happening. Our Python calls to user.federated_identity() were returning None on production, invalidating our Licensing API calls (since the API requires OpenID URLs). We feel that this was really easy to miss for the following reasons:

• Dev/local instances of App Engine do not support OpenID URLs at all (this used to be a documented exception, which I can't find anymore on the Google docs page). This makes debugging a serious time sink because we must push to production to test any fixes!
• The example code (this must have also been removed because I can no longer find it) suggested the use of user_id = user.federated_identity() or user.user_id() which can be tricky to debug.
• Enabling OpenID support is experimental.

Once we enabled the "Administration / Application Settings / Authentication Options / (Experimental) Federated Login" option from our App Engine dashboard, user.federated_identity() was returning the OpenID URL as expected and the Licensing API calls started working again.

Server Error pages

Enabling Federated Login has caused some other pretty nasty issues. One is that some users are getting stuck into redirect loops, ultimately resulting in error pages. We've spent a ton of time debugging, researching and otherwise trying to figure out a solution to this, with no real solid solution. There are pretty good examples of work-arounds, but they're all kind of hack jobs and still have edge cases that result in the same error. While I freely admit I'm new to both Python and App Engine, I do not currently see a bulletproof solution to this without Google fixing their OpenID implementation.

This is a serious problem and if you have experienced this error in our game yourself, we've very sorry. We're trying really hard to find a fix.

Asking for email addresses

The other issue that came up after enabling Federated Login is that the application now asks for users' email addresses when they authenticate with the app. We've seen a bunch of complaints about this in the reviews and aren't entirely sure what to do about it yet. We do not want, need or use email addresses so we'd ideally like to skip this step altogether.

Conclusion

Many of these platforms and APIs are brand-spanking-new, so problems can be expected. But some of these issues are serious showstoppers and are causing awful user experiences and seriously depleting our already limited development resources. If you have any thoughts or ideas on solutions, we're all ears! And again, if you've been affected by any of our issues, we're sincerely sorry.