
[Bug] Google Authentication issues

Open Juicebgs opened this issue 2 years ago • 3 comments

Describe the bug

We have received several emails ([email protected]) from people unable to log in with their google accounts. If the problem is resolved, please mark as invalid.

Juicebgs avatar Aug 03 '22 20:08 Juicebgs

I am curious if we know the emails they had issues logging in with. I just tested and I am able to authenticate with google just fine. However, if you created the account manually with your google email (just manually fill in your data and provide a google mail as an email) and later try to log in through the google integration, that does not work. This is also not intended, by the way. If you create the account manually, it has a password, so you cannot log in via the integration. The opposite applies too: if you created your account via the integration, you cannot log in with a password.

Please provide some of the mails that mentioned this issue. I believe we can check whether the existing account is linked to a google account or if it's manual. Then we can confirm what the root cause is. I am almost certain that it is the case that I described above. If that's true then we actually need to provide an error back, because when logging in fails, there is no error message on the screen stating that your account is using password authentication.

P.S.: We can also check this on discord, so you don't have to publish the emails of people here.

imilchev avatar Aug 04 '22 09:08 imilchev

@imilchev I will send information via discord because emails are considered sensitive data under GDPR.

Juicebgs avatar Aug 04 '22 15:08 Juicebgs

We need to improve the error message on these failed attempts, so that both users and us know more about what causes them.

igoychev avatar Aug 06 '22 10:08 igoychev

I believe I found what causes this issue. It's caused by trying to donate by opening a link via the Facebook native app (it opens podkrepi.bg via the FB browser). If you try to log in with Google after that while in the FB browser, the user agent is disallowed. I believe this is not a small blocker because a lot of people find out about Podkrepi.bg campaigns from Facebook shares; if they open via mobile and choose to log in with Google, this will block them. Maybe it's a configuration issue, maybe you should disable login with Google (and implement Login with Facebook instead) until the end user changes to some "proper" browser. Or at least put a text explaining that to log in with Google they should open the normal browser and not do it under the Facebook native app.

https://developers.googleblog.com/2020/08/guidance-for-our-effort-to-block-less-secure-browser-and-apps.html#comment-form

Steps:

  1. Open a Donation link via Facebook native app
  2. Click to donate
  3. On the Login step choose login with google
  4. Insert your email & password

Actual: You get an error that the user agent is disallowed and you cannot proceed with the donation.

rkgeorgiev avatar Nov 15 '22 08:11 rkgeorgiev
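An added example (not code from the Podkrepi.bg project) of the mitigation suggested in the comment above: detect an embedded in-app browser from the User-Agent and replace the Google button with an explanation. The function names are hypothetical, the UA tokens are an assumption based on commonly observed in-app browser strings, and the sample User-Agent strings are constructed.

```javascript
// Added example: classify a User-Agent string as an embedded in-app browser
// (webview) so the login page can explain why Google sign-in will be refused.
// Assumption: these tokens reflect commonly observed in-app browser UA strings.
const EMBEDDED_UA_RULES = [
  { name: 'Facebook in-app browser', pattern: /\bFB_IAB\b|\bFBAN\/|\bFBAV\// },
  { name: 'Instagram in-app browser', pattern: /\bInstagram\b/ },
  { name: 'Android WebView', pattern: /; wv\)/ },
];

// Returns the name of the first matching embedded browser, or null.
function detectEmbeddedBrowser(userAgent) {
  if (typeof userAgent !== 'string' || userAgent.length === 0) return null;
  const rule = EMBEDDED_UA_RULES.find((r) => r.pattern.test(userAgent));
  return rule ? rule.name : null;
}

// Decides what the login step should render for this User-Agent.
function googleLoginState(userAgent) {
  const embedded = detectEmbeddedBrowser(userAgent);
  if (embedded === null) return { showGoogleButton: true, notice: null };
  return {
    showGoogleButton: false,
    notice: `Google sign-in is not available in the ${embedded}. ` +
      'Open this page in your regular browser to log in with Google.',
  };
}

// Constructed sample User-Agent strings (not captured from real users).
const SAMPLE_UAS = {
  facebookAndroid: 'Mozilla/5.0 (Linux; Android 12; Pixel 6 Build/SQ3A; wv) ' +
    'AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/107.0.0.0 ' +
    'Mobile Safari/537.36 [FB_IAB/FB4A;FBAV/390.0.0.0;]',
  facebookIos: 'Mozilla/5.0 (iPhone; CPU iPhone OS 16_1 like Mac OS X) ' +
    'AppleWebKit/605.1.15 (KHTML, like Gecko) Mobile/15E148 ' +
    '[FBAN/FBIOS;FBAV/390.0;FBDV/iPhone13,2]',
  plainWebView: 'Mozilla/5.0 (Linux; Android 12; Pixel 6 Build/SQ3A; wv) ' +
    'AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/107.0.0.0 ' +
    'Mobile Safari/537.36',
  chromeAndroid: 'Mozilla/5.0 (Linux; Android 12; Pixel 6) AppleWebKit/537.36 ' +
    '(KHTML, like Gecko) Chrome/107.0.0.0 Mobile Safari/537.36',
};
```

In the page itself this would be called as `googleLoginState(navigator.userAgent)`. The check is only a usability hint, since the User-Agent can be altered and Google makes the actual allow or block decision on its side.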

https://developers.google.com/identity/gsi/web/guides/supported-browsers

The JavaScript client library for Sign In With Google and Google One Tap is designed to be compatible with most common browsers and platforms. It is not guaranteed to work on all browsers or platforms.

Due to security risks the JavaScript client library is only supported on the latest two versions of each browser.

This is unfortunately something new from Google and we cannot do much about it. I hope they improve their error message. I will close that issue now, reopen if you have any suggestions.

@igoychev

We need to improve the error message on these failed attempts, so that both users and us know more about what causes them.

We can only make the error message better once they come back from the Google error I believe

dimitur2204 avatar Dec 11 '22 16:12 dimitur2204