Google Plus Sign In Cookie Policy on localhost

4
votes

I'm putting together a webapp that uses google plus signin using this guide.

I am running the webapp on localhost:8888.

Using javascript like this, things work fine:

    gapi.signin.render(thisHandle.details.buttonId, {
        'callback': mySignIn,
        'clientid': myClientId,
        'requestvisibleactions': 'http://schemas.google.com/AddActivity',
        'scope': 'https://www.googleapis.com/auth/plus.login',
        'theme': 'light',
        'cookiepolicy': 'single_host_origin',
        'accesstype': 'offline'
    });

If I change my cookiepolicy to 'http:// localhost:8888' I get:

Error: invalid_request Authority not strictly under a public suffix: localhost:8888

Request Details

response_type=code token id_token gsession scope=https://www.googleapis.com/auth/plus.login redirect_uri=postmessage access_type=offline cookie_policy=http://localhost:8888 proxy=oauth2relay874392806 origin=http://localhost:8888 state=384885884|0.12629541 client_id=[My client id] request_visible_actions=http://schemas.google.com/AddActivity authuser=0

What does Authority not strictly under a public suffix means in this context, in terms of storing user and session information? Is there a workaround that would allow me to have is running my development server? Any help much appreciated.

1
javascriptgoogle-plus

1 Answers

10
votes

For your development work, you can stick with single_host_origin or use none (less efficient). The cookie policy is more important when your signed in user might be visiting your site on multiple protocols (http & https) or with subdomains (www.example.com and support.example.com). In those cases, you'd likely want to use the cookiepolicy of http://example.com