-
Notifications
You must be signed in to change notification settings - Fork 6
Google: Unable to sign in Again #40
Comments
Please provide some information. What account are you trying to create? can you provide a screenshot for the error? |
Google account sign in, user agent string as been blocked. |
I just tried, and indeed it doesn't work for me either. If Google doesn't want us to use their services, I think we should just remove the account, unless someone can come up with a user-agent string that works (or any other solution, for that matter). I'll still spend some time to investigate the issue, to make sure that the problem is indeed with the user-agent and not with some other protocol changes. But if nothing works, we should just remove it. |
OK, I did some investigation. First I tried removing most of the OAuth scopes from Then I ran
to collect the logs while I was trying to create the account, and when the URL for the login page was printed, I tried to open it in the Morph browser instead. Surprise surprise, it worked. It looks like Google is actively trying to prevent the user from authenticating within webviews: All this suggests me that there must be some code within the chrome engine, that is capable of detecting whether the webview is part of a browser or embedded in some application. It would be nice if someone with more experience with Morph (@mariogrip?) could help me understand whether there's something I need to implement in the Online Accounts webview to make the chromium engine think that we are a full-fledged browser. Maybe Google is trying to open some frame? I see this in the logs:
The fact that the page is called |
Remove the account, is not viable, people sync with google contacts. |
Fixed for now #43 |
How should implementing this draft solve a problem where Google bans embedded browser frameworks? Thats not causing any improvement. |
I updated my Nexus 5 to OTA-12 but unfortunately it's no longer possible to connect the Google account to synchronize the contacts. Morph Browser is not supported. How can I get around this? |
try to install this then reboot https://github.com/rubencarneiro/account-plugins/releases |
@rubencarneiro Hi, thanks for the answer! |
First do sudo -s |
It worked! |
Thank you for this great workaround solution! Will this plugin be implemented by default in a future OTA? |
Thats up to the Ubports team. |
I did some investigations too and found actually the chromium version of morph is v65, which is too old for Google (in fact Google is actively blocking it for access to Google accounts and so on). A solution could be to try to update chromium to latest version (at least v80) |
We explained already in detail why this is no fix that will work for all users (Google seems to be pretty inconsistent about it, but I think they will close all remaining gaps soon): Morph browser uses QtWebEngine which in turn uses a Chromium browser process. And that again is started by the accounts plugin to verify the details. Now see this snippet: |
@scardracs we do not have control over the Chromium version, as we use the one that comes with Qt version that is installed. We will upgrade soon to Qt 5.15 that will bump the version of CHromium probably, but the problem has nothing to do with the version. Its because Google can detect that the browser process is hosted by another app, and thats thought to have potential security risks. Read more here: https://9to5google.com/2019/04/18/google-block-man-in-the-middle/ |
Thanks @Flohack74 for the clarifications :) |
These keys have been generated in the Google API Console for a "desktop application". This also means that we cannot use an external OAuth callback, but we need to use a loopback URL. Luckily, Google does not really check whether there's actually a server responding on this address, so we can get away without implementing one. This seems to remove the warning on the insecure browser. Fixes: ubports#40
These keys have been generated in the Google API Console for a "desktop application". This also means that we cannot use an external OAuth callback, but we need to use a loopback URL. Luckily, Google does not really check whether there's actually a server responding on this address, so we can get away without implementing one. This seems to remove the warning on the insecure browser. Fixes: ubports#40
These keys have been generated in the Google API Console for a "desktop application". This also means that we cannot use an external OAuth callback, but we need to use a loopback URL. Luckily, Google does not really check whether there's actually a server responding on this address, so we can get away without implementing one. This seems to remove the warning on the insecure browser. Fixes: ubports#40
Hi everybody,
If it works, please add a thumbs up :-) If it doesn't, please describe the error you encounter in as much detail as possible. |
@mardy did we forget this for the release notes of OTA-113? Its also not marked to be on the OTA-13 board. |
Because somebody told me it works in OTA-13, but was that the fix with the user-agent which works sometimes probably. Should we target it for OTA-14 then ? |
This will automatically be used when the final URL is on the localhost. Plugins should use the LoopbackServer class to listen for accesses and forward them to this class. Contributes to: ubports/account-plugins#40
This will automatically be used when the final URL is on the localhost. Plugins should use the LoopbackServer class to listen for accesses and forward them to this class. Contributes to: ubports/account-plugins#40
I have a couple of merge requests implementing a different solution, which is the one recommended by Google. This does not rely on any specific user-agent string, but has the cost of worsening the user experience: the user will have to login in the Morph browser, then manually switch back to the application (or System Settings, if the account creation started from there). But this is what Google mandates. :-( Testers are welcome: please install the |
@mardy could morph be opened via url dispatcher maybe? tho I guess the way back would be an open question |
Morph opens fine already via url-dispatcher, the problem is on the way back. |
ah sorry misread |
Tested on my side on N5, so the sync is fine, only thing is that we don't know in the app ( e.g contacts) if its ok. I don't remember if we should see something under "Add google account " |
That has not been changed, unfrotunately a clear feedback has always been missing :-) |
i have the same on Axolotl, i need to solve a recaptcha on a specific page. Why not load a webengineview and catch the result? |
Can you please explain better what is happening? Are you able to solve the captcha and continue, or what exactly is the problem? |
So changing the user-agent to Microsoft Edge's agent and restarting Unity 8, then attempting to add the Google account succeeds. It seems Google is blocking the Morph user-agent completely and some older Chromium user-agents as I had to find a recent one. |
i took a look how google redirects back to a site from another window on desktop i noticed it makes use of a
in all the cases i tested |
I finally gave it a try since missing calendar/contacts sync is quite painful and this is awesome, it works very well on MX4, thank you :). Hopefully this gets merged soon-ish to make the process easier. And since signing in a web browser has to be done separately this is especially convenient that I didn't actually have to enter my credentials all over again if already filled in a web browser. |
* plugins: Add ErrorItem element to qmldir This reverts commit a3df645 and implements a proper solution. * plugins: add LoopbackServer class Taken from libauthentication to provide an easy way to account plugins to install a loopback server. * plugins: allow overriding the requestHandler in OAuth element * plugins: don't start authentication with overridden request handler If the requestHandler property has been overridden, do not start the authentication. This is likely the desired behaviour. * online-accounts-ui: add ExternalBrowserRequest for native browser This will automatically be used when the final URL is on the localhost. Plugins should use the LoopbackServer class to listen for accesses and forward them to this class. Contributes to: ubports/account-plugins#40
* debian: use compat version 10 This allows running crossbuilder multiple times without having dh-autoreconf complain about being run twice. * google: Use a loopback URL, authenticate on the external browser Contributes to: #40
It's working now. Tested on FP2: devel channel image (2021-11-23/2) |
Hi, it's been working correctly since 17 days ago for me. Tested scenarios: Since this ubports/ubuntu-system-settings-online-accounts#18 is related to his issue. Both are done. Test info: |
i can confirm i can log into google via system settings now |
Guess this user agent string is also blocked.
The text was updated successfully, but these errors were encountered: