How to configure the return in AMP-Access?

Question

In theory when the AMPByExample server receives the POST request from the login page, if the credentials are correct, it will redirects the request to the URL of returnURL and the parameter is added success = true. Once done, the AMP execution time can finally authorize the page.

The login page is the following:

login.jsp

<%@page contentType="text/html" pageEncoding="UTF-8"%>
<!DOCTYPE html>
<html>
    <head>
        <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
        <title>Login Page</title>
    </head>
    <body>
        <form method="post" action="loginauthorization">
        Correo Electronico: <input type="text" name="correo"><br>
        Contraseña: <input type="password" name="clave"><br>

        <input name="returnurl" type="hidden" value="https://cdn.ampproject.org/v0/amp-login-done-0.1.html?url=https%3A%2F%2Fampbyexample.com%2Fplayground%2F">
        
        <input type="submit" value="Ingresar">
        </form>
    </body>
</html>

As you can see, in the returnurl it is the same login URL ofAmpByExample and it does not work.

I already tried to make my own url in the following way:

<input name="returnurl" type="hidden" value="https://cdn.ampproject.org/v0/amp-login-done-0.1.html?url=http%3A%2F%2Flocalhost%3A8084%2Fmypage%2Fpanel.jsp">

And it doesn't work either.

In the servlet loginauthorization.java I receive thatreturnurl and I add the # success = true (supposedly I must verify username and password, but I want to make it work first).

loginauthorization.java:

import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.*;

public class loginauthorization extends HttpServlet {
    @Override
	protected void doPost(HttpServletRequest request, HttpServletResponse response)
			throws ServletException, IOException {
     try{
      response.setContentType("text/html");
     
//I get the parameters
      String email = request.getParameter("correo");
      String password = request.getParameter("clave");
      String url = request.getParameter("pageurl");
      int ridini = url.indexOf("rid=")+4;
      int ridend = url.indexOf("&url=");
      String rid = url.substring(ridini, ridend);
      String returnurl = request.getParameter("returnurl");
      
//assuming that the username and password are correct, add to the returnurl success true
      returnurl= returnurl + "#success=true";
      
//create a session    
      HttpSession session=request.getSession();
      session.setAttribute("umail",email);
      session.setAttribute("upass",password);
      session.setAttribute("rid",rid);
      session.setAttribute("returnurl",returnurl);
      
      
//redirect after login with the success = true      
      response.sendRedirect(returnurl);
      
    }catch(Exception exp){
       System.out.println(exp);
     }
  }
}

The configuration of the panel is as follows:

panel.jsp

<script id="amp-access" type="application/json">
    {
        "authorization": "http://localhost:8084/mypage/jsonauthorization",
        "noPingback": "true",
        "login": {
          "sign-in": "/mypage/login.jsp?rid=READER_ID&url=CANONICAL_URL&return=RETURN_URL",
          "sign-out": "/mypage/endsession"
        },
        "authorizationFallbackResponse": {
            "loggedIn": false
        },
        "type": "server"
    }
  </script>

The jsonauthorization prints{"loggedIn": true}or{"loggedIn": false}:

jsonauthorization.java

import java.io.*;
import javax.servlet.http.*;

public class jsonauthorization extends HttpServlet {
  public void doGet(HttpServletRequest request, HttpServletResponse response){
  try{
      
      response.setContentType("application/json");
      response.setHeader("AMP-Access-Control-Allow-Source-Origin", "http://localhost:8084/mypage");
      PrintWriter pwriter = response.getWriter();
      HttpSession session=request.getSession(false);
      
      if(session != null){
        String email=(String)session.getAttribute("umail");
        if(email==null){
            session.invalidate();
            pwriter.print("{\"loggedIn\":false}");
            
        }else{
            String rid;
            rid = (String) session.getAttribute("rid");
            Cookie AmpCookie = new Cookie("authorized",rid);
            AmpCookie.setPath("/");
            AmpCookie.setDomain("/mypage");
            response.addCookie(AmpCookie);
            pwriter.print("{\"loggedIn\":true}");
        }
      }else{  
        pwriter.print("{\"loggedIn\":false}");
      }
      pwriter.close();
        
  }catch(Exception exp){
      System.out.println(exp);
   }
  }
}

I appreciate the answers, if the error is not in the returnurl please tell me where :P

Answer 1

I figured out, it is not necessary to configure the return url. Simply add the hidden input inside the html in order to close the login window and read the json url approving the login.

Just like this:

<input name = "returnurl" type = "hidden" value = "https://cdn.ampproject.org/v0/amp-login-done-0.1.html">

Then, if the json url aproves the login it will works.

Actually the code is fine, the problem was in the json generator file. CORS problems. Is necessary to set the header "AMP-Access-Control-Allow-Source-Origin" right.

Answer 2

I am also trying to figure out AMP integration with login/registration. Not sure if this will help, but I found that the return url is automatically added to the url param, so you don't necessarily have to add it to your sign-in url within your initialization json object.