diff --git a/auth/auth_systems/google.py b/auth/auth_systems/google.py
index 0666498e87b004a08785a785f9e0861ff25cc7ea..4a50f440308d221ceb8bb6caa5c1b78f04e7b203 100644
--- a/auth/auth_systems/google.py
+++ b/auth/auth_systems/google.py
@@ -32,6 +32,9 @@ def get_auth_url(request, redirect_url):
 def get_user_info_after_auth(request):
   data = view_helpers.finish_openid(request.session, request.GET, request.session['google_redirect_url'])
 
+  if not data.has_key('ax'):
+    return None
+
   email = data['ax']['email'][0]
 
   # do we have a firstname/lastname?
diff --git a/auth/urls.py b/auth/urls.py
index 57e0f0b87ca3bf322398f30fcaddb2c41d5eadf8..9db44e420a6b0b16d98c18463db7f80865d1242e 100644
--- a/auth/urls.py
+++ b/auth/urls.py
@@ -17,6 +17,7 @@ urlpatterns = patterns('',
     (r'^start/(?P<system_name>.*)$', start),
     # weird facebook constraint for trailing slash
     (r'^after/$', after),
+    (r'^why$', perms_why),
     (r'^after_intervention$', after_intervention),
     
     ## should make the following modular
diff --git a/auth/views.py b/auth/views.py
index db68095c9578f4c644009abbc729947983593d6c..2469f9feeec35f192cf8ac636cbd0bdb3bb0861a 100644
--- a/auth/views.py
+++ b/auth/views.py
@@ -16,7 +16,7 @@ from auth_systems import AUTH_SYSTEMS
 from auth_systems import password
 import auth
 
-import copy
+import copy, urllib
 
 from models import User
 
@@ -136,6 +136,22 @@ def logout(request):
     return response
   
   return HttpResponseRedirect(return_url)
+
+def _do_auth(request):
+  # the session has the system name
+  system_name = request.session['auth_system_name']
+
+  # get the system
+  system = AUTH_SYSTEMS[system_name]
+  
+  # where to send the user to?
+  redirect_url = "%s%s" % (settings.SECURE_URL_HOST,reverse(after))
+  auth_url = system.get_auth_url(request, redirect_url=redirect_url)
+  
+  if auth_url:
+    return HttpResponseRedirect(auth_url)
+  else:
+    return HttpResponse("an error occurred trying to contact " + system_name +", try again later")
   
 def start(request, system_name):
   if not (system_name in auth.ENABLED_AUTH_SYSTEMS):
@@ -150,17 +166,13 @@ def start(request, system_name):
   # where to return to when done
   request.session['auth_return_url'] = request.GET.get('return_url', '/')
 
-  # get the system
-  system = AUTH_SYSTEMS[system_name]  
-  
-  # where to send the user to?
-  redirect_url = "%s%s" % (settings.SECURE_URL_HOST,reverse(after))
-  auth_url = system.get_auth_url(request, redirect_url=redirect_url)
-  
-  if auth_url:
-    return HttpResponseRedirect(auth_url)
-  else:
-    return HttpResponse("an error occurred trying to contact " + system_name +", try again later")
+  return _do_auth(request)
+
+def perms_why(request):
+  if request.method == "GET":
+    return render_template(request, "perms_why")
+
+  return _do_auth(request)
 
 def after(request):
   # which auth system were we using?
@@ -179,8 +191,7 @@ def after(request):
     
     request.session['user'] = user
   else:
-    # we were logging out
-    pass
+    return HttpResponseRedirect("%s?%s" % (reverse(perms_why), urllib.urlencode({'system_name' : request.session['auth_system_name']})))
 
   # does the auth system want to present an additional view?
   # this is, for example, to prompt the user to follow @heliosvoting