EionRobb / purple-googlechat

A Google Chat protocol plugin for libpurple/Pidgin/bitlbee/whatever
GNU General Public License v3.0
112 stars 13 forks source link

[Bug]: purple-googlechat is unable to login #75

Open visious25 opened 1 year ago

visious25 commented 1 year ago

Hi, purple-googlechat is unable to login. Please check this link, because I hate to repeat myself.

bminer commented 1 year ago

The OAuth link in the YouTube video description no longer works. image

bminer commented 1 year ago

Side note, it would be super cool if you could use the Gnome Online Accounts to pull in any Google account credentials automatically!

fulalas commented 1 year ago

The OAuth link in the YouTube video description no longer works.

I'm facing the same issue. :(

grimmy commented 1 year ago

Yeah unfortunately google disabled the authentication mechanism that this plugin was using. Also this plugin can't use a normal google login method because then it wouldn't have access to the google chat api as google doesn't export it to third party oauth applications.

There's been a considerable amount of work put in in the background, but there's no solution yet. However it looks like there may be a solution but this plugin is going to need to need a significant amount work to get to that point.

TL;DR stuff is broke, it's going to take some time to get it all sorted.

bertiebaggio commented 1 year ago

Is there anything end users can do to help facilitate sorting out potential solutions? :)

grimmy commented 1 year ago

Not really it's a mess. But if you can think of any other google chat clients that aren't the ios version, android version, or the web version that might be useful.

bertiebaggio commented 1 year ago

I was getting all keyed up to mention mautrix/googlechat, a GChat puppeting bridge for Matrix, but glanced at auth.py and saw:

Logging into Hangouts using OAuth2 requires a private scope only whitelisted for certain clients. This module uses the client ID and secret from iOS, so it will appear to Google to be an iOS device

and

https://github.com/mautrix/googlechat/issues/85

Alas.

It seems that tulir is looking at it too, at least, so hopefully once a solution is found it can be implemented by all bridges. If it becomes possible and helpful for end-users to assist with traffic sniffing, testing, etc I'm sure you'll have some volunteers!

grimmy commented 1 year ago

I was getting all keyed up to mention mautrix/googlechat, a GChat puppeting bridge for Matrix, but glanced at auth.py and saw:

If you look closely at that repository you'll see my name too :) Actually I forgot he threw away the history when he pulled hangups in maugclib, so you won't see my name ;)

MrLint commented 1 year ago

I really hope there is some kinda work around. I wanted to get my son setup on pidgin without having to deal with the browser all the time

MrLint commented 1 year ago

So I know the plugin is looking for the oauth, is there a way to connect with the app password setup that google still has?

Holly275 commented 1 year ago

Any update on a fix to get Google Chat to work? I too hate the browser window. I miss my Pidgin and now have to keep Pidgin and Chat open at the same time. Please, please, please :)

Launcelot555 commented 1 year ago

Looks like they resolved it by using the web app API? https://github.com/mautrix/googlechat/pull/89

grimmy commented 1 year ago

Looks like they resolved it by using the web app API? mautrix/googlechat#89

Kind of. If you look closely you'll see I'm the one that did the work. The TL;DR is that the web login is used instead of the oauth out of band auth that was previously used. That requires an embedded browser, something we don't have and can't easily make work with pidgin right now. That said, I suppose we could hack together a patch that would allow you to enter the 6 cookies that are necessary and with a few other changes it could work, but that's less than ideal.

bertiebaggio commented 1 year ago

Do the cookies have a reasonable expiry time?

Cookies are at least plain text, so it's still kind of just a string like an oauth token if you squint your eyes closed hard enough. Still a pain to grab/paste nicely compared to oauth, but beggars can't be choosers.

Sure would be nice if Google hadn't killed XMPP! (and, you know, everything else they've killed)

grimmy commented 1 year ago

Yeah they're pretty clear but you need 6 of them and they'll get refreshed automatically from what I've seen since I started working on this back in April.

The real question here is if @EionRobb would want a patch to do this. But the cookie capture procedure differs a bit between firefox and chrome and I haven't tested other browsers. See https://github.com/mautrix/googlechat/blob/master/maugclib/README.md

bertiebaggio commented 1 year ago

Thanks for the info! There's presumably an automated way to get the cookie info out of Firefox / Chrome like an addon/extension†? But that's getting into the realm of hacks supporting hacks...

† Though maybe not since auth info lives there and browsers care about security? I last properly looked at getting cookies out of the browser around the IE6 days it feels like, so maybe I should stop guessing

grimmy commented 1 year ago

Thanks for the info! There's presumably an automated way to get the cookie info out of Firefox / Chrome like an addon/extension†? But that's getting into the realm of hacks supporting hacks...

Nope, all of the cookies are HttpOnly which means they can't be read from JavaScript. This is why an embedded browser is necessary.

bertiebaggio commented 1 year ago

I mean from a user perspective to get them in to mau/purple in a slightly easier way than devtools- I seem to be able to export them using cookies.txt. A few minutes of scripting would have the python dict from that!

Edit: I don't want to clutter the issue here too much, just thinking of ways to streamline the process for end users to 'do the needful' if hacks are all that are likely to work

LurkerHub commented 1 year ago

I just opened a private window, logged in, and checked the cookies on "chat.google.com" The only ones I see are: /OSID, /__Secure-OSID, /OTZ, /COMPASS, and /u/0/webchannel/COMPASS. SSID, SID, and HSID reside in ".google.com"

I've been authenticated to google chat in Pidgin for months, without it kicking me out.

There are several add-ons for both FF and Chrome that support exporting cookies to a text file. I think that adding an "import cookies from file" option to the plug-in should be doable. The more technical users can edit blist.xml directly.

smith153 commented 1 year ago

Ugh, just realized why I haven't heard from any of my friends on pidgin... looks like was stuck waiting for auth. I guess my oath key was no longer valid (set it up a year ago). So there is still no way to purple-googlechat to work now?

Potherca commented 1 year ago

Until this is resolved it might be a good idea to mention something at the top of the readme? Or at the very least pin this issue, so people (like me) don't spend all sorts of effort and time before finding out all of the other information on the interwebz is outdated and things currently don't work :disappointed:

Shdwdrgn commented 1 year ago

While my home computer lost its connection a couple months ago, I still have access to both a Windows and Linux computer which are still able to connect to google chat. Is there any information I could gather from either of these machines which might help in solving this problem, or is it simply a matter of time before those machines also expire?

In the meantime, I finally gave up and just set up my own XMPP server. Obviously can't trust Google or any of the other sites to play nicely.

Jhojoyms commented 1 year ago

@EionRobb please master, help us for this problem

Hawk777 commented 1 year ago

Is it possible to do the authentication process in a browser and copy the cookies over using the plugin as it exists today? Or does that workaround also require a patch to the plugin to make it use those cookies?

john-d-murphy commented 10 months ago

Understood that this is still an ongoing issue, just putting my hand up and saying that i attempted this today and google is still being annoying.

dchmelik commented 9 months ago

I have same problem. Embedded browser surely can't be an option because purple-googlechat also was for BitlBee, which is text-only (unless you have some text-only web browser you can embed that's going to get the information).

EionRobb commented 9 months ago

I have a maybe solution - but it's a maybe and needs a bit of verification from someone else to see if it's viable.

  1. Open this link in an incognito browser window (edit: it might only work in non-incognito?)
  2. Open dev tools, switch to Network tab and enable 'Preserve log'
  3. Login until you get the "401 error" page
  4. Look for the last "batchexecute" in the network list
  5. Look for an X-Chrome-Id-Consistency-Response header which should have "authorization_code=4/...."
  6. Copy the code, starting with and including the 4/
  7. Cross fingers
  8. Paste the 4/... code into Pidgin in the popup
bssb commented 9 months ago

I tried this method, and was able to copy the 4/ auth code, but login fails with "Bad Request".

pavolgaj commented 9 months ago

At first, 'Preserve log' should be enabled in dev tools - otherwise, it'll be cleaned after the page reload. And it works also in non-incognito. But, I got "Bad Request" when I wanted to log in to Pidgin as @bssb already mentioned.

Hawk777 commented 9 months ago

I tried this, in both Firefox and Chrome, in both incognito/private and not, and for me it failed in a different way: the login flow ended with a 400 not a 401, and there were no X-Chrome-Id-Consistency-Response headers in any of the transactions.

mkresch commented 9 months ago

Sorry to pile on; but... I also tried. In chrome only. Non-incognito, I got the 4/ auth code and had a failed login with "Bad Request" as per @bssb . In incognito mode I got a 400 error with no X-Chrome-Id-Consistency-Response as per @Hawk777 .

That said, thank you for still trying to get this working... Much appreciated!

xwin commented 8 months ago

@EionRobb , I was wondering if the login token can be obtained using this URL https://developers.google.com/oauthplayground/. I tried and could get a token similar to what I saw before. But I am not sure for which endpoint to request it.

huh02 commented 8 months ago

Logging into Pidgin stopped working for me about a week ago. I assume because the ID/OAuth has expired. The only option for me at the moment that works on Win7 is a Google Chat PWA + program that creates a button to minimize to the system tray. Another option was Google Chat in Android X86 in Virtualbox, but it was too cumbersome for autorun, window size, etc.

Holly275 commented 7 months ago

Sorry to be a pest. Any update on the 404 error so I can again use Pidgin and Chat? I really miss it and I keep seeing updates but doubt that is has the fix?

xwin commented 7 months ago

I believe the issue is related to this change - https://developers.google.com/identity/protocols/oauth2/resources/oob-migration I created a secret file based on the values in the source code and it results is saying that the client in non-secure and to upgrade to secure client. My old token still works but I don't think new token can be created using old methods. IMHO the simplest way would be to register the app and use python libraries referenced on this page: https://developers.google.com/workspace/chat/authenticate-authorize-chat-user#desktop-app

EionRobb commented 7 months ago

@xwin sadly, registering an app doesn't allow us access to all of the APIs we need.

Unless someone following this thread is/knows someone at Google who can grant special permissions to our app to be able to do so? 😄

xwin commented 7 months ago

Yes, I have tried to call a chat api from python but failed. I was able to successfully authenticate but calling the api is not allowed. I do have access to the workspace account but no client_secret file so I can't authenticate against it. Looks like this project is dead until Google allows mere mortals to use their chat API.

dchmelik commented 6 months ago

I didn't receive that response header.

tukanos commented 4 months ago

@xwin sadly, registering an app doesn't allow us access to all of the APIs we need.

Unless someone following this thread is/knows someone at Google who can grant special permissions to our app to be able to do so? 😄

What Google plan are you using? Is that for a free account or paid one?

tukanos commented 4 months ago

It also looks like this electron application - google-chat-linux does work. I tried to cruise through the code but could not find where they have the code for oauth, but I'm no javascript/electron guy.

bmomjian commented 4 months ago

I think Electron works because they have a web browser that can do oAuth, which Pidgin does not have. However, at the risk of proposing a crazy idea, I looked into using the Mutt email client to get email via IMAP from Google. The solution was to create a client id and secret in Google and store those in Mutt. Mutt doesn't have a web browser either; see https://hackmd.io/@linD026/mutt-oauth2 It would be interesting to know how Mutt does it with no web browser.

tukanos commented 4 months ago

I think Electron works because they have a web browser that can do oAuth, which Pidgin does not have. However, at the risk of proposing a crazy idea, I looked into using the Mutt email client to get email via IMAP from Google. The solution was to create a client id and secret in Google and store those in Mutt. Mutt doesn't have a web browser either; see https://hackmd.io/@linD026/mutt-oauth2 It would be interesting to know how Mutt does it with no web browser.

Great idea, I have checked Evolution's google OAuth2 and it also looks good.

Holly275 commented 2 months ago

Just checking, non technical user, I assume we still can't use pidgin for Google Chat? Hoping I missed something. I still miss my pidgin.

bmomjian commented 2 months ago

@Holly275 Yes, that is my assumption. I have been using Google Chat in my browser.

tramtrist commented 1 month ago

Really miss being able to use this :( Ive tried cracking the OAuth issue over the last couple month through various methods and have failed each time :/ even tried using this: https://www.youtube.com/watch?v=_TjRgW6ViYo