I am using AuthSub to access Google Analytics API Data. I think I must be doing something wrong because it requires the end user to provide the google password twice. Here are the steps:
- My application makes AuthSubRequest call.
- Google returns with a html page which has a google account login form. This page has a post to google.
- I display the page returned in step (2) within my site. So it is a google login page but the url is a page on my domain. In my point of view, this looks as if my site is "faking" a google login.
- The user enters email and password. On successful login they are redirected to a login page on the google domain. The email address is already specified, but the password is required again.
- Once the user successfully authenticates, the browser is redirected to the url I specified in the "Next" parameter.
Is this correct sequence? I would have thought only one authentication is required directly from the google site. Instead I am rendering a google login from my own site only to have the user redirected to google to authenticate again.
Thanks.