-
Notifications
You must be signed in to change notification settings - Fork 2
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Not working due to security issue after entering email address. #2
Comments
Google appears to have made a change to the API. Thanks for the information. |
Previously, the extension exploited a vulnerability by generating a fake device challenge for the AuthAdvice endpoint. The vulnerability was that the endpoint was not validating the device challenge token, and so a fake one could take its place. My guess would be that Google may have patched this issue, but that's speculative and unverified. |
@AngeloD2022 any ideas on another solution to get the token? |
@nikwilliamson Worst case scenario: I will have to completely reverse engineer the challenge completion process. I am still investigating the issue. |
In the mean time – do you know if there is a way to get a working refresh token from a google dev account? |
Okay, well... Unfortunately, it was the worst-case scenario. This is a big headache. |
To answer your question, no. Currently, there is no other way of obtaining a token besides proxying the traffic sent by the iOS app and recording the refresh token. |
Do you have a guide for doing this by chance? I suppose without the token there is no way to use the Google Wifi API? |
Headache resolved :) |
Thanks for the fix! I just tested as I needed it and it worked perfectly :) |
When beginning the auth flow, getting an error saying, "
Google couldn’t confirm this attempt to sign in is safe. If you think this is a mistake, you can close and try again to sign in.
". This happens with and without the headers, and in the web version and the chrome version.Unable to resolve.
The text was updated successfully, but these errors were encountered: