cevoaustralia / aws-google-auth

Provides AWS STS credentials based on Google Apps SAML SSO auth (what a jumble!)
MIT License

Captcha Required. Manually Login to remove this. #83

Closed ricktbaker closed 4 years ago

ricktbaker commented 6 years ago

No matter how many times I manually login, I'm still getting this warning. Not entirely sure why yet, but figured I would post here in case anyone has seen this before.

tinder-tylerport commented 6 years ago

The useragent/ip has been flagged. Google uses your browser/cookie history to help verify you aren't a robot, so the captcha wouldn't appear in a normal browser.

tjbaker commented 6 years ago

https://github.com/cevoaustralia/aws-google-auth/blob/526f08213b696fe1172ea7212cc9d64bda50b3fe/aws_google_auth/google.py#L208-L210

I am now in the same boat after using this project for a very long time. Any suggestions for resolving the captcha issue?

stevemac007 commented 6 years ago

I wonder if there are other cookies or parameters we need to capture out of the earlier pages and pass back through to keep Google happy.

ricktbaker commented 6 years ago

Definitely think this needs some attention. I'm getting a bit leery about introducing this into our organization. I'd hate to get everyone converted over to it and all of the sudden have it stop working right when it's needed for something critical.

tjbaker commented 6 years ago

I've cleared browser caches, signed out, killed all gsuite sessions, tried with numerous browsers including incognito logging out and back in. All is well in the browser, but none of that has remedied the captcha issue for this project. I have to switch back to iam user creds to get work done.

tjbaker commented 6 years ago

@stevemac007 Like you said, I wonder if there are new fields required for payload. It wouldn't be the first time Google has changed this up.

https://github.com/cevoaustralia/aws-google-auth/blob/526f08213b696fe1172ea7212cc9d64bda50b3fe/aws_google_auth/google.py#L137-L159

louahola commented 6 years ago

I'm hitting this same issue this morning. Even changing IP/User-Agent doesn't seem to work or force a captcha in the browser.

louahola commented 6 years ago

I added a PR that displays the captcha image and prompts the user for the text. This works to unblock me for now, however, the captcha images are displayed every time I reauthenticate, despite Google recognizing the attempts are originating from the same device.


mide commented 6 years ago

I like the idea of displaying the captcha, if we could figure out how to make it go away after a successful auth (every time would be an awful experience).

That said, I looked at the payload = {...} that @tjbaker pointed out. I found two hidden inputs that are not in the code that Google passes back. I do not know if they're needed or not at this point, still doing some research.

<input type="hidden" name="followup" value="https://accounts.google.com/o/saml2/initsso?idpid=<REDACTED>&amp;spid=<REDACTED>&amp;forceauthn=false&amp;from_login=1&amp;as=<REDACTED>">
<input name="flowName" type="hidden" value="<REDACTED>">
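An added example (not the project's code) of the approach stevemac007 and mide are describing: collect every hidden input from the login page and post it back unchanged, so that a field Google adds later is not silently dropped from the payload. The form HTML below is constructed for the example, with placeholder values standing in for the redacted ones; the function names are assumptions.

```python
from html.parser import HTMLParser

# Constructed sample of a login form page. The two hidden inputs mirror the
# ones quoted above, with placeholder values (not real identifiers).
SAMPLE_FORM_HTML = """
<form method="post" action="/signin/challenge">
  <input type="hidden" name="followup" value="https://accounts.google.com/o/saml2/initsso?idpid=IDP_PLACEHOLDER&amp;spid=SP_PLACEHOLDER&amp;forceauthn=false&amp;from_login=1&amp;as=AS_PLACEHOLDER">
  <input name="flowName" type="hidden" value="FLOW_PLACEHOLDER">
  <input type="email" name="Email" value="">
  <input type="submit" value="Next">
</form>
"""


class HiddenInputCollector(HTMLParser):
    """Collects every <input type="hidden"> name/value pair in document order.

    HTMLParser unescapes attribute values, so the "&amp;" in the followup URL
    comes out as a plain "&", which is what the server expects back.
    """

    def __init__(self):
        super().__init__()
        self.hidden = {}

    def handle_starttag(self, tag, attrs):
        if tag != "input":
            return
        a = dict(attrs)
        # Attribute order differs between the two inputs above; only the type matters.
        if (a.get("type") or "").lower() != "hidden":
            return
        name = a.get("name")
        if name:
            self.hidden[name] = a.get("value") or ""


def hidden_inputs(html):
    """Return {name: value} for every hidden input in the page."""
    parser = HiddenInputCollector()
    parser.feed(html)
    parser.close()
    return parser.hidden


def build_payload(html, explicit):
    """Merge the server-supplied hidden fields with the fields the client sets
    itself. Explicit fields win, so a hidden field can never override them."""
    payload = hidden_inputs(html)
    payload.update(explicit)
    return payload


if __name__ == "__main__":
    # Hypothetical client-set fields; the email is a constructed value.
    for k, v in build_payload(SAMPLE_FORM_HTML, {"Email": "user@example.com"}).items():
        print(f"{k} = {v}")
```

The point of scraping all hidden inputs rather than hard-coding two names is that the client keeps working when the form changes shape, and a missing field shows up as a visible difference in the posted payload rather than as a puzzling server-side rejection.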

BeardedPug commented 6 years ago

I've also come across this problem as of today and haven't found a way round it, when is this fix going to be merged?

brokenthumbs commented 6 years ago

FWIW, I'm no longer getting the captcha request from Google. Unsure on what makes the captcha request show up.

EDIT: I didn't get the captcha request on Monday, but I'm seeing the captcha request today on Tuesday. Unsure about what is changing on Google's side to trigger the captcha request.

Chandrian commented 6 years ago

Same here, I've been unable to use it all day long and reverting to IAM user. Too bad, I really like it and was ready to recommend it in the org :(

mide commented 6 years ago

There is a PR to address this https://github.com/cevoaustralia/aws-google-auth/pull/91 - It can be tricky to follow the two threads, how do we feel about closing this and consolidating the conversation to just the PR now?

mide commented 6 years ago

Update: #91 has landed, I think this issue can be closed.

stevemac007 commented 6 years ago

I've just run into this myself, that is either good or bad depending on how you look at it. I'll look for additional form fields that we need to post back and see if that helps with this issue.

While we have shipped #91 - I'd prefer to track issues with Captcha here until we work out what (if anything) we can do to reduce the pain.

albertabello commented 6 years ago

Do we have any option to try to decode the Captcha using pytesseract or a similar tool? This is very annoying for the tools we have running automatically through Jenkins. I am trying to build a solution with that but my OCR expertise is very low.

stevemac007 commented 6 years ago

I'm pretty sure the whole point of the Captcha is to prove you are a human - I'd look at an alternate method of authentication for Jenkins into AWS instead of jumping through the Google SAML login.

matzpwn commented 6 years ago

@ricktbaker Hi, could you please tell me how to manually log in when the captcha appears?

ricktbaker commented 6 years ago

@muffat There was a merged PR to address this, https://github.com/cevoaustralia/aws-google-auth/pull/91

stevemac007 commented 5 years ago

Some people were reporting issues seeing the Captcha even after the image display was merged. To ensure that you always have the information available, 0.0.28 has been released, which will print the Captcha URL for manual review.

I'm happy to keep this issue open until we find a repeatable way to resolve this issue - but I'm not holding my breath.

michaelajr commented 5 years ago

91 is a good start, and definitely helps. But there's got to be a way to register the device so this does not continue to happen.

Gujarats commented 5 years ago

I solved this problem by upgrading aws-google-auth to the latest version, which is aws-google-auth 0.0.29.

michaelajr commented 5 years ago

Yeah. It has not asked me for a captcha for a while now. I did have to go through the Google security emails that I got the first few times and confirm that the device was known, but since then, no captcha challenge.