Google Oauth2 not working on 0.42.5

[josh83abc]

Hello!

I can't make the Google Oauth2 working on 0.42.5, I get all the time the "something went wrong" error at the end of login, exactly like this post : https://github.com/nwjs/nw.js/issues/6728

I tried messing up with : "node-remote", "web_accessible_resources", flags#account-consistency, trying older versions, google api console... but no luck!

My code works fine on Chrome, iOS, Android but not NWJS.

Do anyone is using Google Oauth2 in a NWJS application?

Thanks a lot, I'm really stuck on this for days... :/

PS : the way I am using Google Oauth is window.open("https://accounts.google.com/o/oauth2/v2/auth?client_id=365700331050-jojs37o29633d11ld48e37n08fsecdvl.apps.googleusercontent.com&response_type=code&scope=openid&redirect_uri=https://you.dj/server/gplogin2.php&state=10 called from http://localhost:8082

PS2 : Facebook Oauth works fine (using the same code)

[josh83abc]

PS3 : today I try 2 other methods to use Google login :

1. Using the chrome extension API : chrome.identity.getAuthToken()....(https://developer.chrome.com/apps/app_identity)

2. Using the Google Login JS API : gapi.auth2.init() .... (https://developers.google.com/identity/sign-in/web/sign-in)

Same problem, at the end of the login phase, I got the "something went wrong" and Google replies with an error 401 (unauthorized) and a strange content :

)]}'
[[["er",null,null,null,null,401,null,null,null,16]
,["e",2,null,null,81]
]]

[josh83abc]

PS4 : I was shipping my app since 2018 with v0.31.2 and the Google login worked well at that time. But I noticed that on that version (v0.31.2), the Google login is now broken too (same something went wrong error...). So Google changed something for sure.

I'm really stuck with this, I would love some advice. Thanks a lot!

[josh83abc]

Ok great to see you are on it rogerwang!!! Thanks again, let me know :)

[rogerwang]

Could you please provide a sample? I tried signing into gmail in NW.js and it works well: /path/to/nw --url=https://mail.google.com

[josh83abc]

I just tried your simple example (loging in gmail with nw --url=https://mail.google.com) and it doesn't work on my computer, same error (403 unauthorized). I am a bit confused :/ I am on v0.42.5 sdk on Windows. Let me try on Mac and with another connection too.

[josh83abc]

Ok so I tried on PC and Mac and on several internet connections.

On SDK version Google signin gives this not helpful error message : something went wrong... BUT on the normal version the error is : Couldnt sign you in. You are trying to sign in from a browser or app that doesn't allow us to keep your account secure

I made a video to show the problem : https://you.dj/google_signin_problem.mp4

Also apparently in Google disabled sign-in on some embedded browser framework : "Because we can’t differentiate between a legitimate sign in and a MITM attack on these platforms, we will be blocking sign-ins from embedded browser frameworks starting in June 2019" https://security.googleblog.com/2019/04/better-protection-against-man-in-middle.html

What version of NWJS did you try?
It would be amazing if you can investigate on this Roger, my app is based on Google signin for user accounts and app activation. thanks a lot!!

[josh83abc]

ps : I found someone having the same problem with electron : https://github.com/johannesjo/super-productivity/issues/258 It looks like only some Google accounts are affected but 3 of mine are but maybe not yours. I tried to changed the userAgent as proposed in the post above but no luck... I guess Google can detect tampered user agent pretty easily.

[rogerwang]

Did you try the latest 0.42.6?

[josh83abc]

Yes I used the 0.42.6 for my recent tests as you can see on the video I posted : https://you.dj/google_signin_problem.mp4

Also, since it looks like that the problem is apparently not on your gmail account, I made a new account which shows the problem. login : nwjs.test@gmail.com pass : nwjs.test.123

So regarding the Google security post of April 2019, it looks like Google oauth is being disabled or will be disabled for NWJS for sure right?

[rogerwang]

I just tried your account with this build and it proceeds to the step of verifying with your mobile phone. http://dl.nwjs.io/live-build/nw43/20191207-162000/0181cca2f/v0.43.0/

[josh83abc]

I tried with v0.43.0, it doesnt work, same problem... I am based in Europe, maybe this counts. The electron post mention that some people have the problem and some people have not. So it looks like the Google blocking is only partially in place for now. My main concern is that NWJS is included when Google says "we will be blocking sign-ins from embedded browser frameworks starting in June 2019". What do you think Roger?

[rogerwang]

I think whatever works in the Chromium open source browser, should be able to work in NW. Thanks.

You could try reproducing it in your system with a US based VPN to see whether it's related.

[josh83abc]

I just tried in a MacOS cloud VM hosted in LA, it doesn't work. So my workaround is to open Chrome for the login (nw.gui.Shell.openExternal) and it works fine. I really need a reliable solution which will work in the future too. Tell me if I am wrong Roger, but since NWJS doesn't have any DOM access restriction, it would be very easy to grab the users Google password (just need to watch the input field value). So it seems logical that Google would want to disable login inside NWJS. Don't you think?

[rogerwang]

I don't think NW is blocked, as it works for me. It could be a bug somewhere on your side.

[josh83abc]

I really don't understand why it is working on your computer, because I tried on multiple machines. There are also that issue here and some emails I got from users on my support line, so I think there is something happening here. But since I found a workaround I am happy with, I guess it is all good on my side now :) Again thanks for your great work, my app works great with NWJS!

[stale[bot]]

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.