Google oAuth no longer appears to work from Desktop
When I attempt to login with Google oAuth I see a message that says "This browser or app may not be secure"
This is occurring on desktop 4.4.0. I went back and checked 4.3.0 and I see the same screen.
update: This occurs for me when using a generic email address email@example.com and does not seem to occur when using firstname.lastname@example.org
A similar issue exists for Zoom oAuth reported in late January () but at that time, login to the Mattermost App itself via Google oAuth was working.
note: if the oAuth account is misconfigured or the email is in use for a user using a different authentication method - I still see the normal page from the MM app
Launch desktop App
Add the mysql server: http://mysql.test.mattermost.com
On the mysql tab, click Google Apps
Provide a valid email and password for a Google account. The email cannot be associated to an existing user on the server that is using another authentication method
Expected: User is logged in
Observed: User sees message about insecure browser or app
QA Test Steps
This task can be closed
Tested and passed on 4.4.1-rc1.
Used Zoom plugin to confirm a user can use Google oAuth in the child window and authenticate with a generic “@gmail.com” address not part of G-Suite.
Step 1 (short term):
implement a user agent change in the popup window that handles oAuth to simulate browser-based authentication to temporarily bypass Google's restrictions
release with Desktop v4.4 dot release in the next couple weeks or so
Step 2 (longer term):
investigate implementing proper browser-based oAuth handling and propose an approach with associated tickets assigned to appropriate teams (Enterprise & Apps)
work with Enterprise team to implement proposed approach
revert short term user agent change
release with Desktop v4.5
Work on this for Apps team would be handled by Guillermo, we would consult with Scott and his team for server-side support once an approach is determined.
do we have concrete next steps here? Concerned that this sounds like a severe regression that will block users from logging in.
Zoom plugin solution
requires two fixes, one general on the desktop one specific for the platform, that needs to expand to other plugins
Short term solution:
Create a popup window from desktop app with different userAgent
To be deployed on a dot release
feels wrong and eventually will fail
hope to not have to do special considerations on new code depending on this change
does this make us look bad? we are open source
ensure timeline exists
Long term Solution:
Expected in about 2-3 months. Deployed on next release.
Apps team will investigate how to do it, but will likely pass to enterprise or other team if it relies on server changes.
Test short-term solution (Guillermo)
Add comment in code for short term solution showing there is a plan for long term
Guillermo to investigate OAuth 2 on other Electron apps and define a long term solution.