Google authentication issue on the latest macOS update
andy61i opened this issue · comments
Setup
macOS Sierra 10.12.6 (16G1314) OR macOS High Sierra 10.13.4 (17E199)
Google Chrome Version 65.0.3325.181 (Official Build) (64-bit)
Pods
- GoogleAPIClientForREST (1.3.4)
- GoogleAPIClientForREST/Core (1.3.4)
- GoogleAPIClientForREST/Drive (1.3.4)
- GoogleAPIClientForREST/Oauth2 (1.3.4)
- GTMAppAuth (0.7.0)
- GTMSessionFetcher (1.1.15)
- GTMSessionFetcher/Core (1.1.15)
- GTMSessionFetcher/Full (1.1.15)
Problem
The following authentication code worked well before the latest macOS update:
#define CLIENT_ID @"382239646343-0elsgpt33tkmvod7pgdc8qbn6e9sn169.apps.googleusercontent.com"
#define CLIENT_SECRET @"deleted"
#define REDIRECT_URI @"com.googleusercontent.apps.382239646343-0elsgpt33tkmvod7pgdc8qbn6e9sn169:/oauthredirect"
#define DRIVE_SCOPE @"https://www.googleapis.com/auth/drive"
OIDServiceConfiguration* configuration = [GTMAppAuthFetcherAuthorization configurationForGoogle];
OIDAuthorizationRequest *request = [[OIDAuthorizationRequest alloc] initWithConfiguration:configuration
clientId:CLIENT_ID
clientSecret:CLIENT_SECRET
scopes:@[DRIVE_SCOPE]
redirectURL:[NSURL URLWithString:REDIRECT_URI]
responseType:OIDResponseTypeCode
additionalParameters:nil];
self.authorizationFlow = [OIDAuthState authStateByPresentingAuthorizationRequest:request
callback:^(OIDAuthState * _Nullable authState, NSError * _Nullable error) {
if (authState) {
GTMAppAuthFetcherAuthorization* authorization = [[GTMAppAuthFetcherAuthorization alloc] initWithAuthState:authState];
self.service.authorizer = authorization;
...
} else {
self.service.authorizer = nil;
...
}
}];
Since the update there is a problem:
- Chrome starts and offer to select a Google account => Select one
- Appears a page to allow access to Google Drive files => Allow
- A popup appears with a query to start the app initiated this authentication
Then there are 3 possible scenarios:
- Wait a couple of seconds. The underling "allow access page" will automatically forwards to Google Search (as on the screen above). Then pressing "Open SafeInCloud Password Manager" will do nothing (the auth callback never gets called).
- Be quick and press "Open" button immediately. Then authentication will work.
- If the "Always open these type of links" checkbox was pressed in scenario 1 (on previous macOS build) or in scenario 2, then authentication will work automatically.
So, the problem is this autoforwarding from the "allow access page" to Google Search pages.
Testing
The app to test problem:
https://www.safe-in-cloud.com/download/beta/SafeInCloud.dmg
Steps to reproduce:
- Start the app
- Select 'Restore database from a cloud'
- Select 'Google Drive'
Does this help? https://github.com/openid/AppAuth-iOS#bulb-alternative-custom-uri-schemes
Let's follow up on the AppAuth page. I suggest we close this issue. TL;DR: this is working "as expected", the AppAuth docs discuss it, and also provide a solution.