Google 'Tap yes' 2-step Verification not working

[Holf]

Please see the screenshot:

I get the correct prompt coming up on the phone. However, when I click Yes on the phone:

Actual Behaviour:

Nothing further happens in the WPF GUI.

Expected Behaviour

The Verification Pop-up closes and I am authenticated.

[jerriep]

I am not sure how you get this screen. The only 2-step verification options I have is for either using Google authenticator, or for receiving a call with the code.

Is this something which is specific for Android users?

[Holf]

Yes, it is something for Android users although I believe it's now available on IOS too.

I've done a bit of network sniffing and unfortunately the calls are entirely in the AJAX / Sockets domain. I know it is really tricky to do anything AJAXy with System.Windows.Forms.WebBrowser.

I wonder if it is possible to configure Google Auth so it would do a redirect on success / failure for this auth option. I've not found anything that indicates this is so...

[jerriep]

I want to ask you to please have a look at the WPF/WinForms Quickstart which uses the new Auth0 OIDC Client. For this one, the WPF sample actually uses the WPF Web Browser control, and not the Windows Forms one. Perhaps the behaviour of that one may be different.

Download the sample project from the quickstart over here: https://auth0.com/docs/quickstart/native/wpf-winforms

Let me know how this one behaves

[Holf]

I've tried this out and the behaviour is exactly the same, unfortunately.

[jerriep]

@Holf

OK, this one is a bit difficult as I believe your issues stem from the fact that the Browser component is does not support all of the stuff the Google website is doing.

However, the Auth0 OIDC Client is build on top of the IdentityModel Oidc Client, which has an extensible model which allows you to swap out the browser which is launched.

In the sample below, I made use of this capability to launch the system web browser, and then register an HttpListener which listens for the callback from Auth0, in order to complete the authentication flow. It may bot be 100% ideal for you, but I think this would at least render the Google pages correctly: https://github.com/auth0-community/auth0-WinFormsWPF-oidc-samples/tree/master/Samples/WPFSystemBrowser

Let me know what you think of it, then we can perhaps iterate from here.

[Holf]

It's an interesting idea. I've tried it and the 2-step verification process completes.

I end up with the browser window saying: Authentication is completed. You can now close the browser and return to the application.

And the result in the WPF Result window is: Error redeeming code: Unauthorized / no description.

Even though the auth attempt fails, the cycle itself does complete, which is progress.

My default browser happens to be Chrome, which does indeed sort out the rendering issues. However, there is no guarantee that clients will have this (although the later versions of IE they are probably using will likely not have the same rendering issues as the WPF Web Browser does).

Also, the Auth Window appears as a new Tab in an existing Chrome Browser, which is a bit of a jarring experience. Are you thinking that you might try to get a new Chrome Instance to start up, perhaps in some sort of modal fashion? All in all, it seems to me there are some technical challenges to overcome here.

I have been experimenting with using CefSharp with a fair degree of success. It renders a Chromium browser window nested in a WPF component, and you have full control over the lifecycle. I've actually used the JavaScript Auth0 Component on the Chromium WPF page and handled everything from there. It all seems to work pretty well.

I'll extract what I've done and share it if you think it would be useful? Although I won't be able to do this for a few days.

[jerriep]

@Holf Yeah, I think you are not going to find a solution which is 100% ideal - unfortunately. We are at the mercy of a lot of other things, and it seems all those aspects do not seem to work too well in this case.

If you put together a working sample using CefSharp I would really appreciate it if you can submit a PR which adds it to the samples folder of the auth0-community/auth0-WinFormsWPF-oidc-samples repository: https://github.com/auth0-community/auth0-WinFormsWPF-oidc-samples

Even if you just send me a .zip file with the sample, that will also be ok. I can add it to the repository myself. I think this may be helpful to other people.

[Holf]

@jerriep well, I started on the CefSharp solution but then I came across some further info on the WPF WebBrowser control and how it doesn't, by default, emulate the version of IE currently installed on the host machine. It is, however, possible to specify the emulation mode by making a registry change. This registry change is specific to the running application, so doesn't affect any other apps using WebBrowser.

Once a more modern browser is emulated, everything works perfectly. (And the formatting issue #29 is also sorted out.)

Please have a look at the draft PR here and let me know what you think: https://github.com/auth0-community/auth0-WinFormsWPF-oidc-samples/compare/master...Holf:master

[Holf]

... forgot to mention, I added a 'Logout' button which clears cookies, making it easier to do subsequent fresh auth attempts. As with everything else using WebBrowser, this is not straightforward to do!

[jerriep]

@Holf Thanks, I will look into this later in the week :)