Open ghost opened 2 years ago
Thank you for your bug report! First I thought that it might have to do something with an unfinished verification process. But as it turns out, that wasn't the case. It looks like that it's the same on Android and there is a workaround: https://community.cryptomator.org/t/problem-connecting-to-google-drive-when-participating-in-advanced-protection-program/4972
It looks like that Google is quite restrictive regarding their Advanced Protection Program for non-Google services/apps: https://support.google.com/accounts/answer/7539956?hl=en#zippy=%2Ccan-i-use-non-google-apps-services-or-apps-script-with-advanced-protection
This issue still exists, and the workaround seems to be limited: it will only allow creating/finding a vault while advanced protection is disabled. The vault will continue to work after it is re-enabled, but only on devices that granted access to their drive while it was disabled. New devices will not be able to use cryptomator. Any other suggestions?
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.
Please agree to the following
Summary
Google Members who have enabled Advanced Protection on their accounts cannot authorize Cryptomator to access Drive. I filed this as a “bug” but I realize that it’s not a bug with Cryptomator as such, rather maybe some change that needs to be made to allow access to users with this setup.
System Setup
Cloud Type
Google Drive
Steps to Reproduce
Expected Behavior
Successful authentication of account and approved permissions for Cryptomator to read drive data
Actual Behavior
Presented with the following error message and message to developers:
Authorization Error Error 400: policy_enforced
Advanced Protection prevented your Google Account from signing in. This security feature stops most non-Google apps and services from accessing your data to keep your account protected.
[Learn more(https://support.google.com/accounts/?p=2sv_non-goog)
The content in this section has been provided by the app developer. This content has not been reviewed or verified by Google. If you’re the app developer, make sure that these request details comply with Google policies.
response_type: code code_challenge_method: S256 redirect_uri: com.googleusercontent.apps.1008971033086-g04bmhlsc1cgjisa595bbc61mk1bscfu:/oauthredirect state: y8nYvseUHr1ag1zi6tWjnUec3d2i_GZxEUBEkmYSETQ nonce: CvdY5JYUaQsJl_KGmUszpYdMw7UjAmNbXPfeuwFxaOs code_challenge: G1qLWDEfHlM_UgPqq0bB__Z7oXPfjI485I43JLpY8hk client_id: 1008971033086-g04bmhlsc1cgjisa595bbc61mk1bscfu.apps.googleusercontent.com access_type: offline scope: https://www.googleapis.com/auth/drive https://www.googleapis.com/auth/userinfo.email openid
Reproducibility
Always
Relevant Log Output
No response
Anything else?
No response