Is Postman Phishing? #1417

Closed
Redsandro opened this issue Sep 3, 2015 · 2 comments
Labels
support How do I ... ? Can I ... ?

Comments

@Redsandro

Normally when I am logged in to Chrome, I can log in to the Postman app using my Google Account. No need to enter my password (because I am already logged in), just need to cancel or accept from the Google screen.

Now Postman opens this non-transparent dialog:

image

How can I verify this is from Google? It looks like Google, but I cannot verify the address. Besides, I am already logged in on Chrome.

If there is a legit reason for not picking up the logged-in status from Chrome anymore, please open the login window in a full browser window that shows the URL in the address bar.

@abhijitkane
Member

Postman uses Chrome's identity API (https://developer.chrome.com/apps/identity) to enable the 'Sign in with Google' functionality. The URL Postman opens in the modal window is a getpostman.com URL which redirects to this:
https://accounts.google.com/o/oauth2/auth?response_type=code&redirect_uri=https%3A%2F%2Fwww.getpostman.com%2Fclient-oauth2-callback&client_id=805864674475-3abs2rivkn7kreou30b8ru8esnti4oih.apps.googleusercontent.com&scope=https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fuserinfo.profile+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fuserinfo.email&access_type=offline&approval_prompt=force
This is the page that shows up where you need to enter your credentials.
You can verify this by using a tool like Wireshark / Charles Proxy.
Postman manually clears the cache - otherwise there's no way of selecting another Google account if you're logged in from one. The UI of Google's OAuth2 window seems to have changed with their recent logo change.

@abhijitkane abhijitkane added support How do I ... ? Can I ... ? wiki labels Sep 3, 2015
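
The address check this thread is about, as an added example (not part of the original comments and not Postman's code): it parses the authorization URL quoted above, compares the sign-in host and the `redirect_uri` host exactly, and lists what the request asks for. The expected host names and the look-alike URL are assumptions constructed for this example.

```python
from urllib.parse import urlsplit, parse_qs

# Authorization URL exactly as quoted in the maintainer's comment.
AUTH_URL = (
    "https://accounts.google.com/o/oauth2/auth?response_type=code"
    "&redirect_uri=https%3A%2F%2Fwww.getpostman.com%2Fclient-oauth2-callback"
    "&client_id=805864674475-3abs2rivkn7kreou30b8ru8esnti4oih"
    ".apps.googleusercontent.com"
    "&scope=https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fuserinfo.profile"
    "+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fuserinfo.email"
    "&access_type=offline&approval_prompt=force"
)

# Assumptions for this example: the hosts a user would expect to see.
EXPECTED_AUTH_HOST = "accounts.google.com"
EXPECTED_REDIRECT_HOST = "www.getpostman.com"


def inspect_auth_url(url):
    """Return (problems, summary) for an OAuth2 authorization URL."""
    parts = urlsplit(url)
    params = parse_qs(parts.query)  # percent-decodes and turns '+' into ' '
    redirect_uri = params.get("redirect_uri", [""])[0]
    redirect = urlsplit(redirect_uri)
    problems = []
    # Compare the parsed hostname exactly; a prefix or substring match would
    # also accept a look-alike host that merely starts with the expected name.
    if parts.scheme != "https":
        problems.append("sign-in page is not https")
    if parts.hostname != EXPECTED_AUTH_HOST:
        problems.append(f"unexpected sign-in host: {parts.hostname}")
    if redirect.scheme != "https" or redirect.hostname != EXPECTED_REDIRECT_HOST:
        problems.append(f"unexpected redirect_uri: {redirect_uri}")
    summary = {
        "redirect_uri": redirect_uri,
        "scopes": params.get("scope", [""])[0].split(),
        # access_type=offline asks Google for a refresh token as well.
        "offline_access": params.get("access_type") == ["offline"],
    }
    return problems, summary


if __name__ == "__main__":
    # Constructed look-alike: same path and query, different registrable domain.
    lookalike = AUTH_URL.replace("accounts.google.com", "accounts.google.com.example.net", 1)
    for candidate in (AUTH_URL, lookalike):
        problems, summary = inspect_auth_url(candidate)
        print(urlsplit(candidate).hostname, problems or "OK", summary["scopes"])
```
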
@Redsandro
Author

So, through no fault of Postman, Google made, in my opinion, a bad change.

I don't want to open Wireshark and enter wrong credentials to verify apps.

@a85 a85 closed this as completed Sep 5, 2015