Page 1 of 3

Google Sign-in deprecation schedule

PostPosted: Thu May 16, 2019 4:31 am
by magreenblatt
Hi All,

Google will begin blocking sign-in from CEF-based embedded web views (announced here and initially discussed here) on the following proposed schedule:

  • June 2019: block all obvious automation.
  • Aug 2019: block all new app from signing in using CEF.
  • Jan 2020: block existing app from signing in using CEF.
Google has requested feedback on this schedule. You can post your feedback here, or reach out to Jonathan Skelker directly.

What apps will be impacted?

This will impact any apps that sign in to Google services directly instead of using the recommended OAuth flow. Google has a resource here that can help with OAuth authentication using the system browser.

What apps will not be impacted?

This should not impact apps that are themselves genuine system browser apps (e.g. apps that are intended to replace the default system browser). If you are the author of a system browser app and have upfront concerns please reach out to Jonathan Skelker directly.

Re: Google Sign-in deprecation schedule

PostPosted: Thu May 16, 2019 8:29 am
by ndesktop
I am working on an application which is a browser, just not a system browser (it can be used as a standalone browser).
The application is a part of a security suite; its use case is
1. user navigates to a bank/payment URL in another browser
2. our network interceptor detects the navigation, scan the URL against our cloud db and sees it is a banking URL
3. depending on user settings, we prompt the user to continue navigation in our browser or launch automatically the URL in our browser
4. user performs the banking/payment in our browser (which strips extensions, executes in another non-hookable desktop, might trigger our VPN solution on the duration of session on our browser etc.)
5. user closes the browser and returns to the default desktop.

So the obvious question is: in which scenario does this application fit, not being a system browser *and* embedding CEF, but still being a browser ?

Re: Google Sign-in deprecation schedule

PostPosted: Fri May 17, 2019 3:45 am
by Jonathan

Re: Google Sign-in deprecation schedule

PostPosted: Tue Dec 17, 2019 2:31 pm
by mbragg12
Was there ever any clarification on how to deal with this when we are the system browser? We are starting to see what I assume is the the error page related to this: "Couldn't sign you in This browser or app may not be secure. Learn more Try using a different browser. If you’re already using a supported browser, you can refresh your screen and try again to sign in."
Does anyone have the contact info for Jonathan Skelker?

Re: Google Sign-in deprecation schedule

PostPosted: Wed Dec 18, 2019 4:22 am
by magreenblatt
You should be able to discover his email from the above-linked threads, or you can PM the “Jonathan” account that commented above.

Re: Google Sign-in deprecation schedule

PostPosted: Mon Jan 06, 2020 9:31 am
by ndesktop
And the day arrived. cefclient cannot login into GMail.

Re: Google Sign-in deprecation schedule

PostPosted: Mon Jan 06, 2020 9:34 am
by magreenblatt
ndesktop wrote:And the day arrived. cefclient cannot login into GMail.

It's been problematic for a while. See related conversation in viewtopic.php?f=10&t=16717.

Re: Google Sign-in deprecation schedule

PostPosted: Mon Jan 06, 2020 9:58 am
by ndesktop
I know. Anyways, I still don't get how using the same user agent from command line works in Chrome, but does not work in cefclient or other CEF embedding apps.
On the other hand, Mozilla still works.

Re: Google Sign-in deprecation schedule

PostPosted: Mon Jan 06, 2020 10:12 am
by magreenblatt
There are some differences between Chromium/CEF and Chrome that can be detected with various combinations of JS and server-side sniffing techniques. For example, default Chromium builds don't include Google API Keys. If a browser advertises as Chrome via U-A then it makes sense to use these techniques to validate the browser as Google Chrome specifically.

Re: Google Sign-in deprecation schedule

PostPosted: Mon Jan 06, 2020 12:16 pm
by ndesktop
Makes sense. I was considering obtaining an API Key that would been recognized by GMail team, but I think they will support only well-known mainstream browsers.
Basically being in the list with Chrome, Firefox, Edge etc.

I run out of ideas - the Google groups conversation started by you did not end with any detail - last post is mine from 05/2019. Did someone contacted Google for obtaining API keys for a Chromium browser? How does it work?