Rocket.chat.electron: Can't login with Google OAuth on Windows/Linux/macOS clients with 2.17.2

Same issue on Mac Client v2.16.0

Same issue ("This browser or app may not be secure.") on 2.17.2 client, macOS 10.15.2, connecting to server 2.4.1

I tried everything that Google suggests (try to allow less secure apps, use app passwords) with no success. I suppose it's the result of their ban of Electron apps (more details on Reddit). The offered solution is to remove "Electron" from User Agent header that is sent by the app.

This also occurs on the Linux client

Confirmed....Linux client broken.

So this thread should be renamed to "Can't login with Google OAuth on Windows/Linux/macOS" in some way.

I've confirmed changing the user agent on the session resolves this problem in Linux. in src/main.js
const initialize = async () => { prepareApp(); await app.whenReady(); createMainWindow(); session.defaultSession.webRequest.onBeforeSendHeaders((details, callback) => { details.requestHeaders['User-Agent'] = 'Google Chrome'; callback({ cancel: false, requestHeaders: details.requestHeaders }); }); };

Could someone confirm it for version 2.17.5? I didn't have any issue with Google OAuth this week.

Same issue, freshly installed from the snap store

One additional question: is 2FA enabled on the account? AFAIK Google blocks non-2FA authentications outside Google Chrome unless "Less secure app access" is checked.

2FA is enabled on the account. The above screen appears after typing in the e-mail address and password.

Confirming I'm seeing the same as @expired00 on 2.17.5 Linux and Mac clients.

Same issue. My gmail account is already configured to allow rocket chat to access, but after upgrading to 2.17.7 I can't login with oauth using the gmail account because I get the error "This browser or app may not be secure. Try using a different browser. If you’re already using a supported browser, you can refresh your screen and try again to sign in."

After adding the following to src/main.js I was able to remove the message regarding the insecure browser:

const prepareApp = () => {
  setupErrorHandling('main');
+  app.userAgentFallback = app.userAgentFallback.replace('Electron/' + process.versions.electron, 'Electron');
+  app.userAgentFallback = app.userAgentFallback.replace('Chrome/' + process.versions.chrome, 'Chrome');

Which allows for the full sign in and redirect back to the app...but am given the saml error of "No matching login attempt found". Looks like something isn't capturing the creds somewhere along the path...

@tassoevan Hopefully you have something up your sleeve to fix that capturing phase?

I should add that I was making those changes on the base 2.17.7 tag code on a Mac OSX 10.15.3, with the backend being RC 3.0.2

Any resolution to this?

https://support.google.com/accounts/answer/7675428?hl=en

@tassoevan I think to solve this we can shift the social logins to browser and then redirect back to the app. Is this approach fine?

Would it be possible to just change the User-Agent to something like "Chrome/Rocket.Chat" to avoid this issue? (cf the Reddit thread already linked above)

Would it be possible to just change the User-Agent to something like "Chrome/Rocket.Chat" to avoid this issue? (cf the Reddit thread already linked above)

That's what I've done in my own dev version and it's working fine.

That's what I've done in my own dev version and it's working fine.

Where do we make this change?

I've confirmed changing the user agent on the session resolves this problem in Linux. in src/main.js
const initialize = async () => { prepareApp(); await app.whenReady(); createMainWindow(); session.defaultSession.webRequest.onBeforeSendHeaders((details, callback) => { details.requestHeaders['User-Agent'] = 'Google Chrome'; callback({ cancel: false, requestHeaders: details.requestHeaders }); }); };

I mentioned this above in an earlier comment, add the session.defaultSession.webRequest.onBeforeSendHeaders((details, callback) => { details.requestHeaders['User-Agent'] = 'Google Chrome'; callback({ cancel: false, requestHeaders: details.requestHeaders }); }); to the initialize

t's what I've done in my own dev version and it's working fine.

Doing such in a dev version is fine, doing in an actual product is not fine.

Would it be possible to just change the User-Agent to something like "Chrome/Rocket.Chat" to avoid this issue

Falsifying Rocket.Chat's identity in order to pretend to comply with a security policy can't definitely be a hack that an application of Rocket.Chat's standard can use.
The policy is there for a reason. When you open a browser and see https://google.com in the address bar, you can be confident that you’re talking to Google. When you do this inside an app, there’s no way to know whether the app is stealing your credentials.
Also, I think (not sure) Google has a recourse available against apps that intentionally violate such policies: it could disable Rocket.Chat server's OAuth keys. We don’t want this happening.

@abhigyank Indeed, didn't think about that.
But I guess doing this by opening a the social integration through a browser and redirect back to the app is not a trivial thing to implement right?

Running into this with only 1 user, but not everybody else. 2.17.9, Windows.

After adding the following to src/main.js I was able to remove the message regarding the insecure browser:

const prepareApp = () => {
  setupErrorHandling('main');
+  app.userAgentFallback = app.userAgentFallback.replace('Electron/' + process.versions.electron, 'Electron');
+  app.userAgentFallback = app.userAgentFallback.replace('Chrome/' + process.versions.chrome, 'Chrome');

Which allows for the full sign in and redirect back to the app...but am given the saml error of "No matching login attempt found". Looks like something isn't capturing the creds somewhere along the path...

@tassoevan Hopefully you have something up your sleeve to fix that capturing phase?

Can confirm that this change resolves the issue.

Just downloaded this software and tried to login with Google...
Unfortunately already created account on the web UI.
Its really inconvenient if users have to download/build source to get this running on their machines (Mac Catalina for me) :/

No updates on this? Literally preventing users from signing into the app.

No updates on this? Literally preventing users from signing into the app.

Yep, I abandoned this platform.

Still same stage - Google OAUTH doesn't work from R.Ch W10 Desktop App

What works is a direct connection to https://open.rocket.chat/ by browser only (Chrome, Edge, Safari, Firefox), then use Google OAUTH within the browser

Well, after waiting for half a year to solve it, we are estimating a move to the Riot.im Matrix IM.

For reference to how Zulip did it - https://github.com/zulip/zulip/pull/14747

this still happening on 2.17.11 on xubuntu 20.04.1 .

Works fine on the web interface.

the same issue on Xubuntu 20.04.1 with the new version tested both

rocketchat_3.0.1_amd64.deb 
Package: rocketchat
Version: 3.0.1-1885

AND

from snap repo :
rocketchat-desktop 3.0.1 196 latest/stable rocketchat✓

same issue with Windows version 3.0.2.1680

@tassoevan
Still have the same issue

 dpkg -l | grep rocket
ii  rocketchat                              3.0.3-1919                                                                  amd64    

Workaround for non-dev versions of Rocket.Chat (package/snap) while we wait for an official fix: Before logging in, open dev tools and follow this guide to set a custom user agent like Chrome on MacOS: https://developers.google.com/web/tools/chrome-devtools/device-mode/override-user-agent
When you are logged in, restore your user agent.