Nativefier: Google blocks login from nativefier app, unless setting userAgent to non-Chrome browser

this is a well known issue:

Google will no longer allow OAuth requests to Google in embedded browsers. "On April 20, 2017, we will start blocking OAuth requests using web-views for all OAuth clients on platforms where viable alternatives exist." We received this notice. In our iOS app using the Google drive, but google drive sdk no updated.

more information: https://stackoverflow.com/questions/41705752/google-oauth-electron-webview-deprecation

Google solutions: https://developers.google.com/identity/protocols/OAuth2InstalledApp

you cannot electronize Google's original apps anymore -> deal with it, it's forbidden

Weird, it still works fine for me.

It works for me on installations that I had logged into previously, but not newly created applications.

I can do it on new applications

@Aidoboy are you using 2-factor authentication?

Further testing seems to confirm that the issue only occurs with 2-factor authentication enabled on the Google account.

If this is in fact the limitation, I wonder if there are any practical workarounds besides completely disabling 2-factor authentication?

it's not 2FA related

any app trying to reach out to Google OAuth login page will open an external browser window

installed apps must open the system browser and supply a local redirect URI to handle responses from Google's authorization server

It's working for me with 2FA

On Tue, Sep 3, 2019, 3:13 AM Filip Oščádal notifications@github.com wrote:

it's not 2FA related

any app trying to reach out to Google OAuth login page will open an
external browser window

installed apps must open the system browser and supply a local redirect
URI to handle responses from Google's authorization server

—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
https://github.com/jiahaog/nativefier/issues/831?email_source=notifications&email_token=ABYT6YSKAHSURYVZFYTL3FTQHYMCDA5CNFSM4IMNW2V2YY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOD5XMTAI#issuecomment-527354241,
or mute the thread
https://github.com/notifications/unsubscribe-auth/ABYT6YRPQHMPE7TOHF2FL5TQHYMCDANCNFSM4IMNW2VQ
.

It's working with 2FA for me too. I use --internal-urls "(.*?contacts\.google\.com.*?|.*?accounts\.google\.com.*?)".
EDIT: see also #706

This must have been a temporary issue on the Google end, as I just tried the original nativefier app recently, and it's logging in just fine now.

This must have been a temporary issue on the Google end, as I just tried the original nativefier app recently, and it's logging in just fine now.

https://security.googleblog.com/2019/04/better-protection-against-man-in-middle.html

note:

Because we can’t differentiate between a legitimate sign in and a MITM attack on these platforms, we will be blocking sign-ins from embedded browser frameworks starting in June 2019.

nativefier --electron-version 7.1.2 --name "Google Contacts" --internal-urls "contacts.google.*?" --single-instance "https://contacts.google.com"

this works perfectly

nativefier --electron-version 7.1.2 --name "Google Contacts" --internal-urls "contacts.google.*?" --single-instance "https://contacts.google.com"

this works perfectly

@maxogden App crashes when trying to use --electron-version 7.1.2 (osx Mojave)

@thehunmonkgroup and everybody else - I found a fix by this comment ( thank you so much @futurehaskins).

This works well:
nativefier https://mail.google.com/mail --user-agent 'Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:70.0) Gecko/20100101 Firefox/70.0' --name "My Gmail" --internal-urls ".*accounts .google.com.*"

@thehunmonkgroup and everybody else - I found a fix by this comment ( thank you so much @futurehaskins).

This works well:
nativefier https://mail.google.com/mail --user-agent 'Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:70.0) Gecko/20100101 Firefox/70.0' --name "My Gmail" --internal-urls ".*accounts .google.com.*"

Doesn't work for me, unfortunately

Did to no the error in my message? There is a space before ".google".
Remove it and try.

On Wed, Dec 18, 2019, 10:14 PM Daniel G. Wilson notifications@github.com
wrote:

@thehunmonkgroup https://github.com/thehunmonkgroup and everybody else

• I found a fix by this comment
  https://github.com/ramboxapp/community-edition/issues/2495#issuecomment-562358578
  ( thank you so much @futurehaskins https://github.com/futurehaskins).

This works well:
nativefier https://mail.google.com/mail --user-agent 'Mozilla/5.0 (X11;
Ubuntu; Linux x86_64; rv:70.0) Gecko/20100101 Firefox/70.0' --name "My
Gmail" --internal-urls ".accounts .google.com."

Doesn't work for me, unfortunately

—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub
https://github.com/jiahaog/nativefier/issues/831?email_source=notifications&email_token=AAQPXCM7SZZTFAM5BZXSTKDQZKACFA5CNFSM4IMNW2V2YY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOEHHLKAY#issuecomment-567194883,
or unsubscribe
https://github.com/notifications/unsubscribe-auth/AAQPXCPPDGX76IJ65I4FH3DQZKACFANCNFSM4IMNW2VQ
.

Finally found a solution, thanks royts. Removing the space worked for me. Kept getting the 'This browser or app may not be secure' when trying to sign into googles remote desktop.
nativefier "https://remotedesktop.google.com/access/" --user-agent 'Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:70.0) Gecko/20100101 Firefox/70.0' --name "RemoteD" --internal-urls ".*accounts.google.com.*|remotedesktop.google.com/access/"

@thehunmonkgroup and everybody else - I found a fix by this comment ( thank you so much @futurehaskins).
This works well:
nativefier https://mail.google.com/mail --user-agent 'Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:70.0) Gecko/20100101 Firefox/70.0' --name "My Gmail" --internal-urls ".*accounts .google.com.*"

Doesn't work for me, unfortunately

Tried again without the space (could have sworn I tried that previously, hmmm) and it works perfectly.

@thehunmonkgroup and everybody else - I found a fix by this comment ( thank you so much @futurehaskins).
This works well:
nativefier https://mail.google.com/mail --user-agent 'Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:70.0) Gecko/20100101 Firefox/70.0' --name "My Gmail" --internal-urls ".*accounts .google.com.*"

Doesn't work for me, unfortunately

Tried again without the space (could have sworn I tried that previously, hmmm) and it works perfectly.

This isn't working currently.
After I enter the 2-step verification code it opens a tab in the default browser with the following message:

1. That’s an error.
   The requested URL was not found on this server. That’s all we know.

Here is the address from the tab:

https://mail.google.com/accounts/SetOSID?authuser=0&continue=https%3A%2F%2Faccounts.youtube.com%2Faccounts%2FSetSID%3Fssdc%3D1%26sidt%3DALWU2cuRdPBT0x7M6pkFNTW7585laPdinejaS13FD9lFbEyGS7pJeHiqUnItCWckeyThTWDfo2x8l%252F%252BuiQiGFF2baoRCUIxnhrYBD7ZkT8YrgGJy4kJ2cKm7ssqRRUu3C4NKWKVy9BHBRnaIgZy9TixysDdtRzAXapIDG39YVAjCIVKEqlzmAGA%252BQ3QwP1fgHkACp0rgpIqGa2xj%252BjKTZim0ySdhgs6dN2WGCqY8zr%252FXnLUnm8UowzMWRbj7PyVlmRCl%252B9Tgi%252BFcr%252BfsGn%252Fc2nXVQ%252BbxOsrSj0qaiRz7veNIbBJQeZIWaSzhpuvI1oluD3nLNsB8qPL17kG0HkSBCXcjlNe%252F%252BnLYSbh1YaoogWMbuI0pIYJdGclQ9TFQJ5h6smcb1Xw8%252BmA%252FUJ0e2yCz9ywph%252BXgNJZkLA%253D%253D%26continue%3Dhttps%253A%252F%252Fmail.google.com%252Fmail%252F%26dbus%3DCA%26dbus%3DRU&osidt=ALWU2cu9jiz-WfWrhTXv2sO5Yf1DLUa2Z_9rUQaZLoG_M-5B806dn8SR83y4Qt4Y2tef3KID6u9Og_TLHQRIFj55ADlBgT38mdd3DDrl_ChfAuC1tvbwPqqrz9HVGmSs1izXUgIR-7lT0j0i4QkTN-D6sfTkvadZBBdqcrSC2weJMzSdw1DsQqM-RK8P68iL_-KYTki-Qiv3_yKamQjEI4RsutFZs8x7TQ

Here is the command that worked for me:

nativefier "https://mail.google.com/" --maximize --name Gmail --user-agent "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:70.0) Gecko/20100101 Firefox/70.0" --internal-urls "(.*?mail\.google\.com.*?|.*?accounts\.google\.com.*?)" --single-instance --electron-version 7.1.11

I copied it from here: https://aur.archlinux.org/packages/google-calendar-nativefier/

Hope this little tidbit also helps people out:

After successfully logging in using the FF userAgent hack described, I found that external links were broken in Gmail. Solved this by:

1. Creating the original nativefier app with --user-agent "Mozilla/5.0 (Windows NT 10.0; rv:74.0) Gecko/20100101 Firefox/74.0"
2. Open the app, log into Google
3. Shut down the app
4. Edit [path to app]/resources/app/nativefier.json, and remove the userAgent attribute from the JSON.
5. Open app, profit.

Here is the command that worked for me:

nativefier "https://mail.google.com/" --maximize --name Gmail --user-agent "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:70.0) Gecko/20100101 Firefox/70.0" --internal-urls "(.*?mail\.google\.com.*?|.*?accounts\.google\.com.*?)" --single-instance --electron-version 7.1.11

I copied it from here: https://aur.archlinux.org/packages/google-calendar-nativefier/

Thank you ! It works for me !

I tried all the solutions here, and still couldn't get it to work for classroom.google.com.

What worked for me:
Go to https://www.whatismybrowser.com/detect/what-is-my-user-agent and use the user agent they say your browser is using. I imagine that all the user agent strings I was using were old versions, and that Google is being more aggressive about rejecting old versions of browsers. I used my current user agent string, along with internalUrls set to .* and it worked fine for me. Next step for me will be constraining the .* to a more restricted Regex, but at least I got the app to work!

FWIW, I made a few changes that would compute the version number of the latest Chrome release and set that as the agent string every time the nativified app starts. I'm not going to make a pull request for it, because it's a very brittle (uses screen scraping) and does some async stuff in ways that make me uncomfortable - but if you want to, go ahead and check it out:
https://github.com/joeskeen/nativefier/tree/auto-user-agent
To use it, set userAgent to auto.
I tested it and it works for Google apps.

Hi all, using Nativefier v9.1.0 on macOS Catalina v10.15.6 (19G73), I have no issues using Gmail—weird.

Simple nativefier "https://mail.google.com/" worked fine...

I am using firebase google auth for my website when converting into linux app login does not happens in my desktop app. It automatically chooses firefox to login it is not working. I need to login inside my app
nativefier --user-agent 'Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:70.0) Gecko/20100101 Firefox/70.0' --name "My Gmail" --internal-urls ".*accounts.google.com.*"