Open dheerajbhaskar opened 9 years ago
I'm motivated enough to do a fix and give a pull request. I'd need your guidance on what to do. Implement oauth maybe?
OAuth2 is documented at https://developers.google.com/identity/protocols/OAuth2, but it might not be appropriate because it needs a consumer id/secret. I suggest performing an SSL MitM against the Android device and attempting a registration from that.
In the past I have used OWASP Webscarab (https://www.owasp.org/index.php/OWASP_WebScarab_Project) for that purpose, but it has some race condition issues. Its suggested replacement is OWASP Zed (https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project).
I’m currently looking at this: https://developer.chrome.com/extensions/tut_oauth to implement OAuth. You don’t need a consumer id/secret, based on the excerpt below from the above link:
In the context of an extension, this flow gets a bit tricky. Namely, there is no established consumer key/secret between the service provider and the application. That is, there is no web application URL for the user to be redirected to after the approval process.
Luckily, Google and a few other companies have been working on an OAuth for installed applications <http://code.google.com/apis/accounts/docs/OAuthForInstalledApps.html> solution that you can use from an extension environment. In the installed applications OAuth dance, the consumer key/secret are ‘anonymous’/‘anonymous’ and you provide an application name for the user to grant access to (instead of an application URL).
If we do an MitM on the Android device, then a) we are adding additional dependencies, i.e. dependent on the MitM proxy project, and b) making it difficult for an end user to use. I suggest we explore the straightforward way of getting a token (that might be the only thing that’s broken in this extension).
Please let me know your thoughts.
@dheerajbhaskar The MitM suggestion was a suggestion for developers that want to debug the login process, it was not intended as an end-user solution. This approach was also used in the past to get the current login procedure.
@Walkman100 Drop the part after the >. It redirects to https://developers.google.com/identity/protocols/OAuthForInstalledApps which is marked deprecated (like the ClientLogin method) and may be removed in the future. If it is easier for now, go for it!
That makes good sense, Peter.
Thanks for pointing out the deprecation notice (don't know how I missed it :P). I'm sure there's a tutorial for OAuth 2.0 as well. Will figure it out.
Would it be okay if I asked you (and others here) for some help on implementing this?
Also how would I do that? As a pull request from a forked repo or as an issue? Please let me know.
@dheerajbhaskar
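The typical workflow is:
- Fork repo to your own Github profile.
- Locally clone your github repo.
- Create a new branch and check it out, do some changes, commit and push to your own fork.
- From your fork, generate a pull request.
- After getting feedback, do some changes and push to your fork. Github will automatically update the pull request.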
Please share your code (e.g. via a pull request) if you have any questions about the implementation. That makes it easier to point to issues in the code and provide suggestions.
Thanks a bunch, Rob, for taking the time to type this out in detail. I shall do the same.
I shall create a pull request when I need your help or need to contribute my changes.
Thanks again, Rob.
On 08-Jul-2015 2:12 pm, "Rob Wu" notifications@github.com wrote:
@dheerajbhaskar
The typical workflow is:
- Fork repo to your own Github profile.
- Locally clone your github repo.
- Create a new branch and check it out, do some changes, commit and push to your own fork.
- From your fork, generate a pull request.
- After getting feedback, do some changes and push to your fork. Github will automatically update the pull request.
Please share your code (e.g. via a pull request) if you have any questions about the implementation. That makes it easier to point to issues in the code and provide suggestions.
@Lekensteyn @Rob--W @Walkman100 please do take a look at pull request #23, which attempts to fix this issue.
I can confirm the same issue on Chromium Version 48.0.2564.82 Ubuntu 15.04 (64-bit). I logged out as the extension stopped working on all apps that I tested on Google Play, only to find out I cannot login again. At the moment, there're no working free and open source alternatives that I'm aware of. Please keep up the good work.
Any luck with this? I still can't log in with this issue. ERROR: Authentication token not available, cannot login.
Peter, any chances of solving this? This is old for more than 4 years..
Hi, well I have the same issue.. token not available..
I have the same issue with the newest Mac OS version: 2.1.7
No solution or alternative? Is anyone here?
Having the same issue here. Not sure if it is a matter of OAuth, I haven't tried logging in, I just downloaded the desktop app for Windows, and upon first install and clicking login it already gives me the failure.
I'm getting this error when I try to login into the addon.
Not sure, but this might be related to #20. What are the potential options we have if it is related to that?
Let me know if more details are needed.