Giters

google / GTMAppAuth

Apple platforms SDK for using AppAuth with Google libraries.

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

Google authentication issue on the latest macOS update

andy61i opened this issue · comments

commented

Setup
macOS Sierra 10.12.6 (16G1314) OR macOS High Sierra 10.13.4 (17E199)
Google Chrome Version 65.0.3325.181 (Official Build) (64-bit)

Pods

  • GoogleAPIClientForREST (1.3.4)
  • GoogleAPIClientForREST/Core (1.3.4)
  • GoogleAPIClientForREST/Drive (1.3.4)
  • GoogleAPIClientForREST/Oauth2 (1.3.4)
  • GTMAppAuth (0.7.0)
  • GTMSessionFetcher (1.1.15)
  • GTMSessionFetcher/Core (1.1.15)
  • GTMSessionFetcher/Full (1.1.15)

Problem
The following authentication code worked well before the latest macOS update:

#define CLIENT_ID @"382239646343-0elsgpt33tkmvod7pgdc8qbn6e9sn169.apps.googleusercontent.com"
#define CLIENT_SECRET @"deleted"
#define REDIRECT_URI @"com.googleusercontent.apps.382239646343-0elsgpt33tkmvod7pgdc8qbn6e9sn169:/oauthredirect"
#define DRIVE_SCOPE @"https://www.googleapis.com/auth/drive"

OIDServiceConfiguration* configuration = [GTMAppAuthFetcherAuthorization configurationForGoogle];
    OIDAuthorizationRequest *request = [[OIDAuthorizationRequest alloc] initWithConfiguration:configuration
                                                                                     clientId:CLIENT_ID
                                                                                 clientSecret:CLIENT_SECRET
                                                                                       scopes:@[DRIVE_SCOPE]
                                                                                  redirectURL:[NSURL URLWithString:REDIRECT_URI]
                                                                                 responseType:OIDResponseTypeCode
                                                                         additionalParameters:nil];
    self.authorizationFlow = [OIDAuthState authStateByPresentingAuthorizationRequest:request
                                                                            callback:^(OIDAuthState * _Nullable authState, NSError * _Nullable error) {
        if (authState) {
            GTMAppAuthFetcherAuthorization* authorization = [[GTMAppAuthFetcherAuthorization alloc] initWithAuthState:authState];
            self.service.authorizer = authorization;
            ...
        } else {
            self.service.authorizer = nil;
            ...
        }
    }];

Since the update there is a problem:

  • Chrome starts and offer to select a Google account => Select one
  • Appears a page to allow access to Google Drive files => Allow
  • A popup appears with a query to start the app initiated this authentication

popup

Then there are 3 possible scenarios:

  1. Wait a couple of seconds. The underling "allow access page" will automatically forwards to Google Search (as on the screen above). Then pressing "Open SafeInCloud Password Manager" will do nothing (the auth callback never gets called).
  2. Be quick and press "Open" button immediately. Then authentication will work.
  3. If the "Always open these type of links" checkbox was pressed in scenario 1 (on previous macOS build) or in scenario 2, then authentication will work automatically.

So, the problem is this autoforwarding from the "allow access page" to Google Search pages.

Testing
The app to test problem:
https://www.safe-in-cloud.com/download/beta/SafeInCloud.dmg
Steps to reproduce:

  • Start the app
  • Select 'Restore database from a cloud'
  • Select 'Google Drive'
commented

Does this help? https://github.com/openid/AppAuth-iOS#bulb-alternative-custom-uri-schemes

Let's follow up on the AppAuth page. I suggest we close this issue. TL;DR: this is working "as expected", the AppAuth docs discuss it, and also provide a solution.