Open rw-ye opened 1 year ago
@zaguiini It looks like the Google flow gets stuck on the redirect step back to the desktop app. Would you be able to see if you can find what's wrong with it or pair up with me tomorrow to tackle it together?
@zaguiini and I jumped on a call to discuss this ticket. He suspects that there might be missing pieces from the Google Authentication API migration (pdKhl6-lg-p2) and will take a look soon.
Useful resources to note:
They could possibly be related to how it works on desktop/Electron + GSI.
Issue persists. Unable to log in to WordPress desktop app using Google authentication. The app is useless for those of us who use our Google accounts to log in.
This issue has grown beyond Google login issues. Users who have set up 2FA with a security key cannot log in. See the discussion in this Slack thread: p1717608504988349-slack-C029GN3KD
In that Slack discussion this solution is proposed:
MHO we should just kick the user out of the app to WP.com in a browser to authenticate, then send them back to the electron app on success
Yes, that's exactly what we do on Studio: Remove authWindow in favor of the default browser #94. We call the OAuth page to get a token back to the Electron app, save it, and use it in each API request. Logging out just deletes the token. The login flow will be more complex for each user, though. If users need to log in through the browser, they might abandon using the desktop app. I could help with that solution, but I’m not sure if I can own it right now. In any case, happy to take a quick look tomorrow.
@sejas would be a good resource for guidance on this fix for the WordPress App :)
cc: @wongasy @wojtekn
I took a look into this today and another option we may consider to solve the lack of webauthn support in Electron on MacOS is using native node modules to access ASAuthorizationController - this way it is not necessary to leave the app to go through an oauth flow on WordPress.com.
See: https://discord.com/blog/how-discord-modernized-mfa-with-webauthn
I was not able to reproduce any issues with the Google login. The only issue I had was that the security key authentication does not work.
Thanks for reviewing it, @jeroenpf.
> I took a look into this today and another option we may consider to solve the lack of webauthn support in Electron on MacOS is using native node modules to access ASAuthorizationController - this way it is not necessary to leave the app to go through an oauth flow on WordPress.com.
If we followed that path, how would we plan to support it on Windows and Linux? Would it be safer and easier for future maintenance to follow the path we took for Studio and use the browser, instead of writing custom C++ code?
> If we followed that path, how would we plan to support it on Windows and Linux? Would it be safer and easier for future maintenance to follow the path we took for Studio and use the browser, instead of writing custom C++ code?
For Windows users, there is no problem. The security key authentication works fine there:
This problem applies to MacOS users and Linux users. The proposed solution would only solve it for MacOS users. However, afaik there are several times you need to present a security key while using Calypso (some actions require that), not just upon login. So just using the oauth flow via the browser would not solve this issue as it does for Studio.
Here is an example of the C++ code needed: https://github.com/Automattic/wp-calypso/blob/try/webauthn-via-native-node-module/desktop/src/NativeModule/native_module.mm - it's not 100% functional but it should be something like this.
I investigated it for Linux to see if I could find anything to make this work. I:
- d-bus talk to 1password
- when navigator.get is accessed, to kick in the process manually
- 1password in electron as a plugin, just in case it works (as it seems that there is no problem with the webauthn, just with the popup).

Unfortunately, none of what I tried worked. I guess the easiest solution will be to implement what we have in Studio.
Update on 2024 June 18
Solution to use browser authentication, like the Studio app, is proposed in this Slack thread: p1717704815693689/1717608504.988349-slack-C029GN3KD
Quick summary (of original Google login issue)
When trying to log in with Google on the WordPress.com desktop application, it gets stuck on a loading screen and does not proceed.
Steps to reproduce
One moment please...
What you expected to happen
Expected to be logged into my WordPress.com account by using my Google account.
What actually happened
Stuck on the loading screen
Impact
Some (< 50%)
Available workarounds?
Yes - Use WordPress.com account login instead.
Platform (Simple and/or Atomic)
No response
Logs or notes
Tested on MacOS 13.1 and Windows 10