Clarify 'Error': 'NeedsBrowser'
B16f00t opened this issue ยท 23 comments
When you enter an .edu account linked to Gsuite,
Displays: 'Error': 'NeedsBrowser.
{'Error': 'NeedsBrowser', 'Url': 'https://correo.XXXXXXXXXX.edu.co:8443/cloudkey/a/XXXXXX.edu.co/index?SAMLRequest=fVJLT%2BMwEL6vxH%2BIfM%2BrCLSymqACQlQCNqKBAzfjTFKD7Qkeu9399%2BumIOBAr59nvpdnfvbX6GQDjhTaipVZwRKwEjtlh4o9tFfpb3ZWH/2akzB65Ivg1/Ye3gKQT%2BKmJT49VCw4y1GQIm6FAeJe8tXi9obPsoKPDj1K1CxZXlZMohXrzhgNuh/wtRsGNC9iRCtBDAIV9IPupAWWPH7Ymu1sLYkCLC15YX2EilmZFqfp7LQtT3h5zIviiSXNu9K5svsEh2w974eIX7dtkzZ/Vu1EsFEduLs4XbEBcdCQSTQ7%2BUYQqU2Ee6Ep2lsQgfPR4AVaCgbcCtxGSXi4v6nY2vuReJ5vt9vskyYXebDPSLHADLoQoVxIYvVUL58Sui%2B9HvYvPvRZfUhhnn8hr98/cpdvedmgVvJfstAatxcOhI/hvAsx2xU6I/zP%2BmVWTojq0n4a5cHSCFL1CjqW5PVe9fvFxDv6Dw%3D%3D&RelayState=https://accounts.google.com/CheckCookie?continue%3Dhttps://accounts.google.com/o/android/auth?hl%253Den_us%2526xoauth_display_name%253DAndroid%252BLogin%252BService%2526source%253DAndroid%252BLogin', 'ErrorDetail': 'To access your account, you must sign in on the web. Touch Next to start browser sign-in.'}
This is a bit of a misleading response from Google. Nothing really went wrong, but Google has determined for whatever reason that they need you to log in through a web browser. In your case, it looks like your institution has their own custom login system. I've also seen this happen when Google thinks a log in attempt is suspicious.
You should be able to copy and paste that url into a browser and continue from there.
We could document this better, but I'm not sure there's anything else we can do to improve this case on gpsoauth's end.
It would be nice to try to capture the token when you click on the browser to complete the login or something like that. I could provide you with an account for testing if you wish.
That would be nice, but I think I'd rather not add the complexity of browser automation to the library.
I'll leave this open to track improving the ux, though.
Its a captcha issue. You can bypass this by click continue button... Click this link and click continue button: https://accounts.google.com/DisplayUnlockCaptcha
It's been two days since Google can't be accessed through this library
The error returns:
Error': 'NeedsBrowser', ''ErrorDetail': 'To access your account, you must sign in on the web. Touch Next to start browser sign-in.'}
Yeah, this looks new. The 'Url' key from the did get me to a login screen that worked, but didn't actually complete the OAuth flow. DisplayUnlockCaptcha didn't seem to work either.
Someone commented in some forum that these parameters make the authentication flow.
https://gitlab.com/AuroraOSS/AuroraStore/-/blob/master/app/src/main/java/com/aurora/store/util/AC2DMTask.kt#L27-43
I have not been able to check it.
having the same issue with a fresh install
i fixed. But on php. I will fix on python and pull it on here.
@emma-eva, how is the progress going? Do you mind sharing what your findings were, perhaps someone else can take it further, so we get the ball moving? :)
I solved it in python, you can see the code in Whapa tool, the whagodri.py library, also I had to modify one function of gpsoauth.
def perform_master_login_oauth(
email: str,
oauth_token: str,
android_id: str,
service: str = "ac2dm",
device_country: str = "us",
operator_country: str = "us",
lang: str = "en",
sdk_version: int = 28,
proxy: MutableMapping[str, str] | None = None,
) -> dict[str, str]:
"""
Perform a master login, which is what Android does when you first add
a Google account.
Return a dict, eg::
{
'Auth': '...',
'Email': 'email@gmail.com',
'GooglePlusUpgrade': '1',
'LSID': '...',
'PicasaUser': 'My Name',
'RopRevision': '1',
'RopText': ' ',
'SID': '...',
'Token': 'oauth2rt_1/...',
'firstName': 'My',
'lastName': 'Name',
'services': 'hist,mail,googleme,...'
}
"""
data: dict[str, int | str | bytes] = {
"lang": lang,
"google_play_services_version": 19629032,
"sdk_version": sdk_version,
"device_country": device_country,
"Email": email,
"service": service,
"get_accountid": 1,
"ACCESS_TOKEN": 1,
"callerPkg": "com.google.android.gms",
"add_account": 1,
"Token": oauth_token,
"callerSig": "38918a453d07199354f8b19af05ec6562ced5788",
}
return _perform_auth_request(data, proxy)
Just submitted a PR that solves this issue without doing manual token exchange :)
I've merged that and it seems to work fine for me! I'll look to cut a release today or tomorrow to include 1bf49e9.
Awesome news! Thanks @CyberAltra & @simon-weber โญ ๐ฅ ๐ฅ
Works perfect, I think this thread could be closed by now
Released in 1.0.1.
I think it would be a good idea to add a function for OAuth authentication, like the one I posted above, because GSuite accounts keep crashing and the user could take the cookie from his browser and login this way.
That's probably reasonable. Want to open a new issue to track it?
The beginning of this issue was for this reason, for example in my program to make this type of accounts work, I had to take your library and modify it by adding a function to log in with the browser, so I contemplate all the scenarios.
Have just tested 1.0.1/1.0.2 using this this yet still can't generate a master token using app passwords? Can others confirm working/not?
@nathanmarlor, i can confirm it worked just fine.
Here is a python SDK that is based on gpsoauth I used to test the master token:
https://github.com/leikoilja/glocaltokens/
Confirmed working, thanks!