Google oAuth no longer appears to work from Desktop

Description

When I attempt to login with Google oAuth I see a message that says "This browser or app may not be secure"

This is occurring on desktop 4.4.0. I went back and checked 4.3.0 and I see the same screen.

update: This occurs for me when using a generic email address dylan.haussermann@gmail.com and does not seem to occur when using dylan@mattermost.com

A similar issue exists for Zoom oAuth reported in late January () but at that time, login to the Mattermost App itself via Google oAuth was working.

note: if the oAuth account is misconfigured or the email is in use for a user using a different authentication method - I still see the normal page from the MM app

Steps:

  • Launch desktop App

  • Add the mysql server: http://mysql.test.mattermost.com

  • On the mysql tab, click Google Apps

  • Provide a valid email and password for a Google account. The email cannot be associated to an existing user on the server that is using another authentication method
    Expected: User is logged in
    Observed: User sees message about insecure browser or app

QA Test Steps

see description

Activity

Dylan Haussermann
April 21, 2020, 6:54 PM

This task can be closed

Dylan Haussermann
April 21, 2020, 6:49 PM

Tested and passed on 4.4.1-rc1.
Used Zoom plugin to confirm a user can use Google oAuth in the child window and authenticate with a generic “@gmail.com” address not part of G-Suite.

Dean Whillier
March 24, 2020, 8:21 PM
Edited

Step 1 (short term):

  • implement a user agent change in the popup window that handles oAuth to simulate browser-based authentication to temporarily bypass Google's restrictions

  • release with Desktop v4.4 dot release in the next couple weeks or so

Step 2 (longer term):

  • investigate implementing proper browser-based oAuth handling and propose an approach with associated tickets assigned to appropriate teams (Enterprise & Apps)

  • work with Enterprise team to implement proposed approach

  • revert short term user agent change

  • release with Desktop v4.5

Work on this for Apps team would be handled by Guillermo, we would consult with Scott and his team for server-side support once an approach is determined.

Eric Sethna
March 24, 2020, 8:14 PM

Do we have concrete next steps here? Concerned that this sounds like a severe regression that will block users from logging in.

Guillermo Vayá
March 23, 2020, 7:20 PM

Meeting Notes:

Zoom plugin solution

  • requires two fixes, one general on the desktop, one specific for the platform, that needs to expand to other plugins

Short term solution:

  • Create a popup window from desktop app with different userAgent

  • To be deployed on a dot release

Concerns:

  • feels wrong and eventually will fail

  • hope to not have to do special considerations on new code depending on this change

  • does this make us look bad? We are open source

  • ensure timeline exists

Long term Solution:

  • Expected in about 2-3 months. Deployed on next release.

  • Apps team will investigate how to do it, but will likely pass to enterprise or other team if it relies on server changes.

ToDo:

  • Test short-term solution (Guillermo)

  • Add comment in code for short term solution showing there is a plan for long term

  • Guillermo to investigate OAuth 2 on other Electron apps and define a long term solution.

 

Done

Assignee

Guillermo Vayá

QA Assignee

Dylan Haussermann

Reporter

Dylan Haussermann

Fix versions

Mattermost Team

Core Features

Labels

QA Testing Areas

Integrations

Components