Google Sign-in deprecation schedule

Do not post support requests, bug reports or feature requests. Discuss CEF here. Non-CEF related discussion goes in General Discussion!

Re: Google Sign-in deprecation schedule

Postby Czarek » Wed Jul 07, 2021 8:44 am

ndesktop wrote:As of 4430:
- paying/G suite login just works
- free accounts (gmail.com, accounts.google.com, youtube.com etc.) do not work.
In order to make it work a patched CEF using another accepted user agent is now required.

So from what I understand seting CefSettings.user_agent is not enough, because that changes only HTTP header. You also need to change user agent in JavaScript possibly by injecting custom js code. And that resolves the issue?
Maintainer of the CEF Python, PHP Desktop and CEF C API projects. My LinkedIn.
User avatar
Czarek
Virtuoso
 
Posts: 1927
Joined: Sun Nov 06, 2011 2:12 am

Re: Google Sign-in deprecation schedule

Postby ndesktop » Thu Jul 08, 2021 1:00 am

Czarek wrote:
ndesktop wrote:As of 4430:
- paying/G suite login just works
- free accounts (gmail.com, accounts.google.com, youtube.com etc.) do not work.
In order to make it work a patched CEF using another accepted user agent is now required.

So from what I understand seting CefSettings.user_agent is not enough, because that changes only HTTP header. You also need to change user agent in JavaScript possibly by injecting custom js code. And that resolves the issue?

As I mentioned, I solved this by patching CEF.
I am not using custom JS code (I suppose what I did is similar to what you mean by "injecting custom JS code", only I needed on C++ level because I am integrating in a C++ solution).

In short, what I have done is:
- add a new method to CefRequestHandler
Code: Select all
  ///
  // Gives the opportunity to override user agent before the request becomes
  // readonly.
  ///
  virtual bool GetOverrideUserAgent(CefRefPtr<CefBrowser> browser,
                                    CefRefPtr<CefDictionaryValue> request_info,
                                    CefString& overrideUserAgent) {
    return false;
  }

If a client implements this method, it should set overrideUserAgent and return true, otherwise return false for the default behavior.
|request_info| is currently a dictionary of strings, with various keys (currently only "url" is defined) for passing data from the request handler wrapper (InterceptedRequestHandlerWrapper - see below) to the client.
- This will be overriden in cefclient's ClientHandler by combining passed |request_info| and decide using application custom logic if a certain UA should be used, for example if |requst_info| has an "url" key and the host of this url is gmail.com, then set overrideUserAgent to "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:89.0) Gecko/20100101 Firefox/89.0" and return true.
- the implementation is called from InterceptedRequestHandlerWrapper::OnBeforeRequest; after
Code: Select all
    request->headers.SetHeaderIfMissing(net::HttpRequestHeaders::kUserAgent,
                                                            init_state_->user_agent_);

is called, then the last chance if offered to the client by calling CefRequestHandler::GetOverrideUserAgent.
If this returns true and the returned UA is not empty, then another call to is issued with the value returned from client (excerpt from 90 patched):
Code: Select all
...
    // Add standard headers, if currently unspecified.
    request->headers.SetHeaderIfMissing(
        net::HttpRequestHeaders::kAcceptLanguage,
        init_state_->accept_language_);

    request->headers.SetHeaderIfMissing(net::HttpRequestHeaders::kUserAgent,
                                        init_state_->user_agent_);
+   // if browser says otherwise, override with it
+   std::string browser_user_agent =
+     GetUserAgentFromBrowser(init_state_->browser_, request->url);
+   if(!browser_user_agent.empty()) {
+     request->headers.SetHeader(net::HttpRequestHeaders::kUserAgent,
+                                browser_user_agent);
+   }
+
    const bool is_external = IsExternalRequest(request);
...

GetUserAgentFromBrowser is a helper function that calls GetOverrideUserAgent (it just creates a CefDictionaryValue, set "url" key to url.spec() and does the call).

Until now, it seems working.
ndesktop
Master
 
Posts: 748
Joined: Thu Dec 03, 2015 10:10 am

Re: Google Sign-in deprecation schedule

Postby finder2 » Thu Jul 08, 2021 4:01 am

I even can't post a comment on YT from CEF.
YT ghosts all of them if I post it from CEF.
Guys, can you try posting on YT?

Google is killing CEF step by step.
finder2
Techie
 
Posts: 46
Joined: Fri Jun 13, 2014 1:33 am

Re: Google Sign-in deprecation schedule

Postby ndesktop » Thu Jul 08, 2021 7:04 am

finder2 wrote:I even can't post a comment on YT from CEF.
YT ghosts all of them if I post it from CEF.
Guys, can you try posting on YT?

Google is killing CEF step by step.

Patch cef, and handle the gmail.com, accounts.google.com etc. domains to use another UA. Sorry, that is the situation.
ndesktop
Master
 
Posts: 748
Joined: Thu Dec 03, 2015 10:10 am

Re: Google Sign-in deprecation schedule

Postby finder2 » Thu Jul 08, 2021 7:10 am

ndesktop wrote:Patch cef, and handle the gmail.com, accounts.google.com etc. domains to use another UA. Sorry, that is the situation.


I used FireFox UA to login and could send commentsm but YT deletes all of them automatically.
Have you tried YT posting? Are the comments visible for guests after posting?
finder2
Techie
 
Posts: 46
Joined: Fri Jun 13, 2014 1:33 am

Re: Google Sign-in deprecation schedule

Postby ndesktop » Fri Jul 09, 2021 6:28 am

finder2 wrote:
ndesktop wrote:Patch cef, and handle the gmail.com, accounts.google.com etc. domains to use another UA. Sorry, that is the situation.


I used FireFox UA to login and could send commentsm but YT deletes all of them automatically.
Have you tried YT posting? Are the comments visible for guests after posting?

That is different than the login not working, but point taken. YT might have employed their own methods to detect CEF and instead of rejecting CEF, simply might make them invisible.
And yes, it seems logging in from a CEF-based app into youtube - even with a G-Suite paying account - does not show the comments.
ndesktop
Master
 
Posts: 748
Joined: Thu Dec 03, 2015 10:10 am

Re: Google Sign-in deprecation schedule

Postby rado » Fri Feb 04, 2022 10:37 am

Thank you for the "GetOverrideUserAgent" patch, I'll try it, but could patch be implemented into main CEF branch? It would not be practical to patch and rebuild CEF each time new version comes.

From security point of view I don't get how this google idea would increase security. If user installs "malware" browser, even if it cannot open google auth page directly, only redirect user to system browser, it has control over system so it can intercept password by keylogger or even "patch" system browser to get the password, etc.
rado
Expert
 
Posts: 145
Joined: Wed Oct 05, 2011 3:32 am

Re: Google Sign-in deprecation schedule

Postby amaitland » Fri Feb 04, 2022 2:56 pm

You can change the user agent at runtime using the DevTools protocol.

https://bitbucket.org/chromiumembedded/ ... ation-over
https://chromedevtools.github.io/devtoo ... ntOverride

No need to patch CEF
Maintainer of the CefSharp project.
amaitland
Virtuoso
 
Posts: 1290
Joined: Wed Jan 14, 2015 2:35 am

Previous

Return to CEF Discussion

Who is online

Users browsing this forum: No registered users and 3 guests