ios
ios copied to clipboard
“Advanced Protection” Google Users Cannot Authorize Login
Please agree to the following
- [X] I have searched existing issues for duplicates
- [X] I agree to follow this project's Code of Conduct
Summary
Google Members who have enabled Advanced Protection on their accounts cannot authorize Cryptomator to access Drive. I filed this as a “bug” but I realize that it’s not a bug with Cryptomator as such, rather maybe some change that needs to be made to allow access to users with this setup.
System Setup
- iOS: 15.4 (19E241)
- Cryptomator: 2.2.2 (882)
- Google: Advanced Protection Program
Cloud Type
Google Drive
Steps to Reproduce
- In Cryptomator navigate to Settings > Cloud services > Google Drive > +
- Login to Googe with Credentials
- Authorize via Yubikey
- Error message
Expected Behavior
Successful authentication of account and approved permissions for Cryptomator to read drive data
Actual Behavior
Presented with the following error message and message to developers:
Authorization Error Error 400: policy_enforced
Advanced Protection prevented your Google Account from signing in. This security feature stops most non-Google apps and services from accessing your data to keep your account protected.
[Learn more(https://support.google.com/accounts/?p=2sv_non-goog)
The content in this section has been provided by the app developer. This content has not been reviewed or verified by Google. If you’re the app developer, make sure that these request details comply with Google policies.
response_type: code code_challenge_method: S256 redirect_uri: com.googleusercontent.apps.1008971033086-g04bmhlsc1cgjisa595bbc61mk1bscfu:/oauthredirect state: y8nYvseUHr1ag1zi6tWjnUec3d2i_GZxEUBEkmYSETQ nonce: CvdY5JYUaQsJl_KGmUszpYdMw7UjAmNbXPfeuwFxaOs code_challenge: G1qLWDEfHlM_UgPqq0bB__Z7oXPfjI485I43JLpY8hk client_id: 1008971033086-g04bmhlsc1cgjisa595bbc61mk1bscfu.apps.googleusercontent.com access_type: offline scope: https://www.googleapis.com/auth/drive https://www.googleapis.com/auth/userinfo.email openid
Reproducibility
Always
Relevant Log Output
No response
Anything else?
No response
Thank you for your bug report! First I thought that it might have to do something with an unfinished verification process. But as it turns out, that wasn't the case. It looks like that it's the same on Android and there is a workaround: https://community.cryptomator.org/t/problem-connecting-to-google-drive-when-participating-in-advanced-protection-program/4972
It looks like that Google is quite restrictive regarding their Advanced Protection Program for non-Google services/apps: https://support.google.com/accounts/answer/7539956?hl=en#zippy=%2Ccan-i-use-non-google-apps-services-or-apps-script-with-advanced-protection
This issue still exists, and the workaround seems to be limited: it will only allow creating/finding a vault while advanced protection is disabled. The vault will continue to work after it is re-enabled, but only on devices that granted access to their drive while it was disabled. New devices will not be able to use cryptomator. Any other suggestions?
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.