So first off, we messed up: right when we launched, there was a bug in our app that was causing the game demo to serve even to users who had successfully paid for the game. Firstly we'd like to apologize to those users who were affected. We're happy to say that this bug got fixed the night of release.
So on the night of the day we launched, we noticed that users who had purchased the game were still getting served the demo. That's awful! Nobody spotted it because we obviously had access to the game ourselves, and we were also allowing Google internal beta testers access (so they couldn't have found this bug either). We put the fire out quickly (by about 1am PST) and it looks like only 2-3 users even noticed, which is good. Our apologies to any users who were affected.
Here's why it was happening. Our Python calls to
user.federated_identity() were returning
None on production, invalidating our Licensing API calls (since the API requires OpenID URLs). We feel that this was really easy to miss for the following reasons:
user_id = user.federated_identity() or user.user_id()which can be tricky to debug.
Once we enabled the "Administration / Application Settings / Authentication Options / (Experimental) Federated Login" option from our App Engine dashboard,
user.federated_identity() was returning the OpenID URL as expected and the Licensing API calls started working again.
Enabling Federated Login has caused some other pretty nasty issues. One is that some users are getting stuck into redirect loops, ultimately resulting in error pages. We've spent a ton of time debugging, researching and otherwise trying to figure out a solution to this, with no real solid solution. There are pretty good examples of work-arounds, but they're all kind of hack jobs and still have edge cases that result in the same error. While I freely admit I'm new to both Python and App Engine, I do not currently see a bulletproof solution to this without Google fixing their OpenID implementation.
This is a serious problem and if you have experienced this error in our game yourself, we've very sorry. We're trying really hard to find a fix.
The other issue that came up after enabling Federated Login is that the application now asks for users' email addresses when they authenticate with the app. We've seen a bunch of complaints about this in the reviews and aren't entirely sure what to do about it yet. We do not want, need or use email addresses so we'd ideally like to skip this step altogether.
Many of these platforms and APIs are brand-spanking-new, so problems can be expected. But some of these issues are serious showstoppers and are causing awful user experiences and seriously depleting our already limited development resources. If you have any thoughts or ideas on solutions, we're all ears! And again, if you've been affected by any of our issues, we're sincerely sorry.