search

OpenArchive / Save-app-ios

Secure Mobile Media Preservation
https://open-archive.org/
GNU General Public License v3.0
10 stars 3 forks source link

Login with Google button not working for IA setup flow #208

Closed huertanix closed 2 years ago

huertanix commented 2 years ago

When going through the IA archive setup, creating a new API keypair brings up a webview with an IA login screen, which displays an "The Google library failed to load." error.

save_ia_google_oauth_error

When visiting the IA login screens from Safari outside of Save app, however, instead of seeing that error, I see the intended Log in with Google oauth button: https://archive.org/account/login.php

This may indicate that the internal webview may not be configured to be able to display the Google oauth button, maybe due to restrictions on JS, third-party cookies or something else along those lines.

johnhess commented 2 years ago

Thanks for documenting this one. The error message is indeed an issue with Google's auth not working in a webview.

The approach we're planning on so far is a slightly broader scope: designing a better way for users to log into/upload to IA. There's enough wrong with the current flow and enough in this particular issue we can't control that a more holistic approach seems justified.

Update: Created #209 to track broader redesign of IA login.

tladesignz commented 2 years ago

Google denies login-with-Google inside webviews, because apps can inject their own JavaScript, which is needed and the whole point of webviews.

Therefore, this is a systemic issue outside of our control we will never be able to do anything about.

The only other way I could think of is asking the user for their credentials and do the web requests ourselves. Which seems like an horrible idea.

johnhess commented 2 years ago

Mostly agree, so marking this as wontfix.

One other option, though definitely not in scope for this ticket, is to create an account for the user/device (this may not be possible bc of e.g. email address verification), then dispose of the account credentials, keeping just the API keys. Feels hacky though.

tladesignz commented 2 years ago

One other option, though definitely not in scope for this ticket, is to create an account for the user/device (this may not be possible bc of e.g. email address verification), then dispose of the account credentials, keeping just the API keys. Feels hacky though.

Whoa. If I would be the Internet Archive, I would kill you for even trying something like this.